CVE-2024-12476
Published: 17 January 2025
Summary
CVE-2024-12476 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Schneider Electric (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 45.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-12476 is an Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Schneider Electric's Web Designer configuration tool. The issue arises when a specifically crafted XML file is imported, potentially causing information disclosure and impacting workstation integrity.
Exploitation requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), such as tricking a user into importing a malicious XML file via social engineering. A successful attack can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), including potential remote code execution on the compromised workstation. The CVSS v3.1 base score is 7.8.
Mitigation details are provided in Schneider Electric's Security Notification SEVD-2025-014-04, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50888
Vulnerability details
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impact workstation integrity, and potentially allow remote code execution on the compromised computer when a specifically crafted XML file is imported in the Web Designer configuration tool.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XXE triggered by importing a crafted XML config file directly maps to user-assisted malicious file execution; info disclosure and potential RCE are secondary effects of successful exploitation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates CVE-2024-12476 by identifying, reporting, and applying vendor patches to remediate the XXE vulnerability in the Web Designer tool.
- Validates imported XML files in the Web Designer tool to block external entity references that enable information disclosure and potential RCE.
- Enforces secure configuration settings for the Web Designer tool's XML parser to disable external entity processing and restrict XXE exploitation.
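The input-validation control above can be approximated outside the product by screening an XML file before a user imports it. The following is an added example, not Schneider Electric code and not taken from the security notification: the function name `check_import_file` and both sample documents are constructed for illustration, and it assumes a legitimate configuration export never needs a DOCTYPE or entity declaration.

```python
import xml.parsers.expat as expat


def check_import_file(data: bytes) -> list:
    """Return findings for DTD/entity constructs; an empty list means none seen."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(f"DOCTYPE declared for <{name}> (system id: {sysid!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # External entities carry a system/public identifier instead of a value.
        kind = "external" if (sysid or pubid) else "internal"
        findings.append(f"{kind} entity {name!r} -> {sysid or value!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # Returning 0 makes expat abort instead of resolving any external reference.
    parser.ExternalEntityRefHandler = lambda ctx, base, sysid, pubid: 0

    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"parse aborted: {exc}")
    return findings


# Constructed sample inputs (not real Web Designer files).
CLEAN = b'<config><device name="plc1" ip="192.0.2.10"/></config>'
CRAFTED = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///CONSTRUCTED/placeholder.txt">]>'
    b"<config><device name=\"&ext;\"/><note>&ext;</note></config>"
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("crafted", CRAFTED)):
        result = check_import_file(doc)
        print(label, "-> REJECT" if result else "-> ok")
        for line in result:
            print("   ", line)
```

A file with any finding should be quarantined rather than imported; this check complements, and does not replace, the vendor remediation in SEVD-2025-014-04.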