Security Advisory

CVE-2018-10832

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-05-11 21:00:00
Last updated 2024-08-05 07:46:47
Assigner mitre
State PUBLISHED

Description

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files; both formats are XML-based and vulnerable to XXE injection. If a crafted .xmpp or .xmpa file is sent to a user and opened or imported in ModbusPal, the contents of any local files will be returned to a remote attacker.
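
A defender can screen .xmpp and .xmpa files received from outside before anyone opens them in ModbusPal. The following is an added example, not part of the advisory or of ModbusPal's code: it walks only the XML prolog with Python's expat bindings and reports any DOCTYPE or entity declaration without resolving it. The sample documents, their element names and the function names are constructed for illustration.

```python
import xml.parsers.expat as expat

PROJECT_EXTS = (".xmpp", ".xmpa")  # the two file types named in the advisory

# Constructed samples; element names are placeholders, not ModbusPal's schema.
BENIGN = b'<?xml version="1.0"?>\n<project><item id="1"/></project>'
SUSPECT = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE project [\n'
           b'  <!ENTITY ext SYSTEM "file:///CONSTRUCTED/PLACEHOLDER">\n'
           b']>\n'
           b'<project>&ext;</project>')


class _RootReached(Exception):
    """Stops the parse at the root element: a DTD can only precede it."""


def dtd_findings(data: bytes) -> list:
    """Report DOCTYPE and entity declarations; no entity is ever resolved."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE {name} system={system_id!r} "
                        f"internal_subset={bool(has_internal_subset)}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        where = "internal" if value is not None else f"external system={system_id!r}"
        findings.append(f"ENTITY {kind} {name} {where}")

    def on_root(name, attrs):
        raise _RootReached  # declarations are collected; skip the body

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except _RootReached:
        pass
    except expat.ExpatError as exc:
        findings.append(f"MALFORMED {exc}")
    return findings


def should_quarantine(filename: str, data: bytes) -> bool:
    """True when a project/automation file carries any DTD or fails to parse."""
    return filename.lower().endswith(PROJECT_EXTS) and bool(dtd_findings(data))
```

Treating any DOCTYPE as grounds for quarantine is the assumption here: it is a deliberately strict policy for files that arrive from untrusted senders.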