CVE-2017-7907

N/A

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

N/A

XML外部实体引用的不恰当限制(XXE)

Schneider Electric Wonderware Historian Client 安全漏洞

Schneider Electric Wonderware Historian Client是法国施耐德电气（Schneider Electric）公司的一套用于将高速数据采集存储系统与传统的关系数据库管理系统相结合的工业数据管理软件客户端。 Schneider Electric Wonderware Historian Client 2014 R2 SP1及之前的版本中存在安全漏洞。攻击者可通过提交恶意的输入利用该漏洞造成拒绝服务，或泄露服务器的文件内容。

N/A

N/A