Cyber Resilience

CVE-2024-12476

High

Published: 17 January 2025

Published
17 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 54.7th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12476 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Schneider Electric (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 45.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-12476 is an Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Schneider Electric's Web Designer configuration tool. The issue arises when a specifically crafted XML file is imported, potentially causing information disclosure and impacting workstation integrity.

Exploitation requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), such as tricking a user into importing a malicious XML file via social engineering. A successful attack can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), including potential remote code execution on the compromised workstation. The CVSS v3.1 base score is 7.8.

Mitigation details are provided in Schneider Electric's Security Notification SEVD-2025-014-04, available at https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf.

EU & UK References

Vulnerability details

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

XXE triggered by importing a crafted XML config file directly maps to user-assisted malicious file execution; info disclosure and potential RCE are secondary effects of successful exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22186Shared CWE-611
CVE-2025-10713Shared CWE-611
CVE-2026-40682Shared CWE-611
CVE-2026-41066Shared CWE-611
CVE-2025-0162Shared CWE-611
CVE-2026-33913Shared CWE-611
CVE-2025-68493Shared CWE-611
CVE-2026-24400Shared CWE-611
CVE-2024-46603Shared CWE-611
CVE-2025-12531Shared CWE-611

Affected Assets

Schneider Electric
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-12476 by identifying, reporting, and applying vendor patches to remediate the XXE vulnerability in the Web Designer tool.

prevent

Validates imported XML files in the Web Designer tool to block external entity references that enable information disclosure and potential RCE.

prevent

Enforces secure configuration settings for the Web Designer tool's XML parser to disable external entity processing and restrict XXE exploitation.

References