Invensys

Wonderware Information Server

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2014-2380

  • EPSS 0.15%
  • Published 28.08.2014 01:55:03
  • Last modified 12.04.2025 10:46:40

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

2.1

CVE-2014-2381

  • EPSS 0.03%
  • Published 28.08.2014 01:55:03
  • Last modified 12.04.2025 10:46:40

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

4.3

CVE-2014-5397

  • EPSS 0.25%
  • Published 28.08.2014 01:55:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.1

CVE-2014-5398

  • EPSS 0.11%
  • Published 28.08.2014 01:55:03
  • Last modified 12.04.2025 10:46:40

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to ...

7.5

CVE-2014-5399

  • EPSS 0.22%
  • Published 28.08.2014 01:55:03
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

4.3

CVE-2013-0688

  • EPSS 0.25%
  • Published 09.05.2013 12:31:19
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2013-0684

  • EPSS 0.22%
  • Published 09.05.2013 12:31:18
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

9.3

CVE-2013-0685

  • EPSS 2.48%
  • Published 09.05.2013 12:31:18
  • Last modified 11.04.2025 00:51:21

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) vi...

9.3

CVE-2013-0686

  • EPSS 0.46%
  • Published 09.05.2013 12:31:18
  • Last modified 11.04.2025 00:51:21

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML docume...

6.9

CVE-2012-3005

  • EPSS 0.07%
  • Published 26.07.2012 10:41:47
  • Last modified 11.04.2025 00:51:21

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows lo...