CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5397
https://notcve.org/view.php?id=CVE-2014-5397
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/69418 https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5398
https://notcve.org/view.php?id=CVE-2014-5398
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos leer ficheros arbitrarios o causar una denegación de servicio a través de una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5399
https://notcve.org/view.php?id=CVE-2014-5399
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/69416 https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2380
https://notcve.org/view.php?id=CVE-2014-2380
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 utiliza codificaciones débiles, lo que permite a atacantes remotos obtener información sensible mediante la lectura de un fichero de credenciales. • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2381
https://notcve.org/view.php?id=CVE-2014-2381
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 utiliza codificaciones débiles, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero de credenciales. • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 •