Please Note: Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel.
Overview

Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric.
Schneider Electric has produced patches that mitigate this vulnerability.

Affected Products

Schneider Electric reports that the vulnerability affects the following products:

- Vijeo Citect Version 7.20 and all previous versions
- CitectSCADA Version 7.20 and all previous versions
- PowerLogic SCADA Version 7.20 and all previous versions

Impact

The vulnerability could lead to the disclosure of confidential information by allowing access to local files and internal resources, or cause the server to potentially execute arbitrary HTTP requests, or affect system availability.

Impact to individual organizations depends on many factors that are unique to each organization. ICS‑CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
Background

Schneider Electric is a manufacturer and integrator of energy management and industrial automation systems, equipment, and software. The affected Schneider Electric systems are found primarily in energy, manufacturing, and infrastructure applications. Schneider Electric reports operations in over 100 countries worldwide.

Vulnerability Characterization

Vulnerability Overview

Improper Restriction of XML External Entity Reference

The affected products can process an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2013-2796 has been assigned to this vulnerability. A CVSS v2 base score of 6.9 has been assigned; the CVSS vector string is (AV:L/AC:M/Au:N/C:C/I:C/A:C).
Vulnerability Details

Exploitability

This vulnerability is not exploitable remotely.

Existence of Exploit

No known public exploits specifically target this vulnerability.
Difficulty

An attacker with a medium skill level would be able to exploit this vulnerability.

Mitigation

Schneider Electric has developed patches for Versions 7.10 and 7.20 of each of the affected products. Users of older products should upgrade to a newer, supported version.
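
The class of flaw described under Vulnerability Overview can be screened for before a document reaches an XML consumer. The following is an added example, not code from the advisory or from Schneider Electric's patch: a Python check that reports external DTD and entity references without resolving them. The function name and the sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


def external_references(data: bytes) -> list:
    """Return (kind, name, target) for each external DTD or entity in `data`.

    Nothing is fetched: expat only hands the identifiers to the handlers.
    Malformed XML raises expat.ExpatError; callers should treat that as reject.
    """
    findings = []
    parser = expat.ParserCreate()
    # Never load external DTD subsets or parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if sysid or pubid:
            findings.append(("external-dtd", name, sysid or pubid))

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Internal entities carry a value; external ones carry an identifier.
        if sysid or pubid:
            findings.append(("external-entity", name, sysid or pubid))

    def on_external_ref(context, base, sysid, pubid):
        findings.append(("external-ref", context, sysid or pubid))
        return 1  # non-zero: continue parsing, the entity is not expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return findings


# Constructed sample inputs (placeholder targets, not taken from the advisory).
EXTERNAL_ENTITY_DOC = (b'<!DOCTYPE project [<!ENTITY xxe SYSTEM '
                       b'"file:///example/placeholder.txt">]>'
                       b'<project><name>&xxe;</name></project>')
EXTERNAL_DTD_DOC = (b'<!DOCTYPE project SYSTEM '
                    b'"http://placeholder.invalid/project.dtd"><project/>')
INTERNAL_ONLY_DOC = (b'<!DOCTYPE project [<!ENTITY site "Plant A">]>'
                     b'<project><name>&site;</name></project>')

if __name__ == "__main__":
    for doc in (EXTERNAL_ENTITY_DOC, EXTERNAL_DTD_DOC, INTERNAL_ONLY_DOC):
        hits = external_references(doc)
        print("REJECT" if hits else "accept", hits)
```

A document that yields any finding should be rejected or quarantined rather than passed on. A document that uses only internal entities is not flagged.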