Hart Comm Dtm
CVE-2015-6463
MEDIUM
Severity by source
AV:A/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:A/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AnalysisAI
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.
Technical ContextAI
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Affected products include: Codewrights Hart Comm Dtm, Endress\+Hauser Hart Comm Dtm.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today