Missing XML Validation

CVE-2020-27282

Medium

4.3/10

Summary

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-112 - Missing XML Validation

The software accepts XML from an untrusted source but does not validate the XML against the proper schema.

References

Advisory Timeline

Published Mar 15, 2021

Missing XML Validation

CVE-2020-27282

Summary

CWE-112 - Missing XML Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS