
CVE-2018-10832

Published: 11/05/2018 Updated: 13/06/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files; both formats are XML-based and both are vulnerable to XXE injection. If a user opens or imports a crafted .xmpp or .xmpa file in ModbusPal, the contents of any local file can be returned to a remote attacker.
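A pre-open check for received .xmpp/.xmpa files, as an added example that is not part of the advisory or of ModbusPal: it reports any DOCTYPE or ENTITY declaration in the XML prolog without resolving anything and stops before the document content is parsed. The function name, the `project` root element and both sample documents are constructed for illustration; flagging every DTD as suspicious is a policy assumption, not something the advisory states.

```python
import xml.parsers.expat as expat


class _StopAtRoot(Exception):
    """Raised to end parsing once the prolog (where a DTD lives) is done."""


def find_dtd_declarations(data: bytes) -> list[str]:
    """Return DOCTYPE/ENTITY findings from the prolog of an XML document.

    pyexpat does not fetch external entities or external DTD subsets unless
    handlers for them are installed, so nothing is resolved here.
    """
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE {name} system={system_id!r}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        if system_id is not None or public_id is not None:
            findings.append(f"external {kind} entity {name} -> {system_id!r}")
        else:
            findings.append(f"internal {kind} entity {name}")

    def on_root(name, attrs):
        raise _StopAtRoot  # never parse content, so no entity is expanded

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except _StopAtRoot:
        pass
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings


# Constructed samples: a plain file and one carrying an external entity.
CLEAN = b'<?xml version="1.0"?>\n<project><slave id="1"/></project>'
SUSPECT = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE project [<!ENTITY ext SYSTEM "file:///constructed/path">]>\n'
           b'<project>&ext;</project>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, find_dtd_declarations(doc))
```

A file that yields any finding should not be opened or imported in an affected ModbusPal version.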

Vulnerable Product

modbuspal project modbuspal 1.6

Exploits

[+] Exploit Title: ModbusPal XXE Injection
[+] Date: 05-08-2018
[+] Exploit Author: Trent Gordon
[+] Vendor Homepage: modbuspal.sourceforge.net/
[+] Software Link: sourceforge.net/projects/modbuspal/files/latest/download?source=files
[+] Version: 1.6b
[+] Tested on: Ubuntu 16.04 with Java 1.8.0_151
[+] CVE: CVE-2018-10832
1 Vulnera ...

ModbusPal version 1.6b suffers from an XML external entity injection vulnerability ...