← back
CVE-2024-12476

CVE-2024-12476

CVSS 8.4 HIGHEPSS 0.3%CWE-611
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Schneider Electric · Web Designer for BMENOC0311(C)Schneider Electric · Web Designer for BMENOC0321(C)Schneider Electric · Web Designer for BMXNOE0110(H)Schneider Electric · Web Designer for BMXNOR0200H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf