Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24052
Reference (s):
- https://ioac.tv/3hy1xu6
- https://ioactive.com/moog-exo-series-multiple-vulnerabilities/