Rockwell FactoryTalk Services Platform XXE (ICSA-20-177-02) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on an improper restriction of XML external entity reference vulnerability in Rockwell Automation FactoryTalk Services Platform. Versions 6.11.00 and earlier affected. Successful exploitation of this vulnerability could lead to a denial-of-service condition and to the arbitrary reading of any local file via system level services. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed. CISA also recommends a series of measures to mitigate the vulnerability. Access the advisory at CISA.