CVE-2020-7572 – Schneider Electric StruxureWare Building Operation WebReports

Vulnerability Description: Improper Restriction of XML External Entity Reference
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-7572
CVSSv3: 8.8
Severity: High
Credits: Alessandro Bosco, Luca Di Giuseppe, Alessandro Sabetta, Massimiliano Brolli

A remote user authenticated to Building Operation WebReports can use a crafted HTTP request to inject arbitrary XML containing a reference to an external entity, which reaches the server-side XML parser without being sanitized. By exploiting this vulnerability, an attacker can read the contents of files on the system that may contain sensitive data, reach other restricted web resources via server-side request forgery, perform port scanning from the perspective of the machine where the parser is located, and cause other system impacts such as a denial of service.
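
The standard mitigation for this vulnerability class is to refuse any document type definition or entity declaration before request XML is handed to application code. The following is an added example, not code from the advisory or from Schneider Electric; the advisory does not say how WebReports parses XML, so the Python standard-library parser, the function names and the sample request bodies are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when request XML carries a DTD, an entity, or is malformed."""


def _reject(kind):
    # Build an expat handler that aborts parsing as soon as `kind` is seen.
    def handler(*_args):
        raise UnsafeXML(f"{kind} not allowed in request XML")
    return handler


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Return the parsed root only if the document declares no DTD or entities."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    guard.EntityDeclHandler = _reject("entity declaration")
    guard.ExternalEntityRefHandler = _reject("external entity reference")
    try:
        guard.Parse(data, True)  # first pass: structure check only
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)  # second pass: document has no DTD at all


def rejection_reason(data: bytes):
    """Return None if the document is accepted, else the reason it was refused."""
    try:
        parse_untrusted_xml(data)
        return None
    except UnsafeXML as exc:
        return str(exc)


# Constructed sample request bodies (not taken from the advisory).
BENIGN = b"<report><name>energy</name></report>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE report [<!ENTITY ext SYSTEM '
                   b'"http://example.invalid/placeholder">]>'
                   b"<report><name>&ext;</name></report>")
INTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;&a;&a;</r>'

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                        ("internal", INTERNAL_ENTITY)]:
        print(label, "->", rejection_reason(body) or "accepted")
```

Rejecting the DOCTYPE outright also blocks internal entity expansion, which covers the denial-of-service impact the description mentions.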