CVE-2014-7251
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
06/12/2014
Last modified:
12/04/2025
Description
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
Impact
Base Score 2.0
3.20
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:yokogawa:fast\/tools:r9.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:yokogawa:fast\/tools:r9.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:yokogawa:fast\/tools:r9.03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:yokogawa:fast\/tools:r9.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:yokogawa:fast\/tools:r9.05:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018