5 results (0.004 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 utiliza codificaciones débiles, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero de credenciales. • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 utiliza codificaciones débiles, lo que permite a atacantes remotos obtener información sensible mediante la lectura de un fichero de credenciales. • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/69418 https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/69416 https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 hasta 5.5 permite a atacantes remotos leer ficheros arbitrarios o causar una denegación de servicio a través de una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02 • CWE-20: Improper Input Validation •