How severe is CVE-2024-54005?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2024-54005?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-54005 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.

Related Vulnerabilities

CVE-2017-10617

MEDIUM

CVSS:5.0(Medium)

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks ...

CWE-6112017

CVE-2017-7457

MEDIUM

CVSS:5.0(Medium)

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.

CWE-6112017

CVE-2021-21266

MEDIUM

CVSS:5.0(Medium)

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same...

CWE-6112021

CVE-2023-4218

MEDIUM

CVSS:5.0(Medium)

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with...

CWE-6112023

CVE-2024-45745

MEDIUM

CVSS:5.0(Medium)

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6...

CWE-6112024

CVE-2025-2070

MEDIUM

CVSS:5.0(Medium)

An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.

CWE-6112025