CVE-2014-2380

2014-08-2801:55:03

[email protected]

web.nvd.nist.gov

schneider electric

wonderware

information server

wis portal

weak encryption

remote attackers

sensitive information

credential file

cve-2014-2380

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

Affected configurations

NVD

Node

invensyswonderware_information_serverMatch4.0sp1

invensyswonderware_information_serverMatch4.0sp1portal

invensyswonderware_information_serverMatch4.5-portal

invensyswonderware_information_serverMatch5.0-portal

invensyswonderware_information_serverMatch5.5portal

CPENameOperatorVersion
invensys:wonderware_information_serverinvensys wonderware information servereq4.0
invensys:wonderware_information_serverinvensys wonderware information servereq4.5
invensys:wonderware_information_serverinvensys wonderware information servereq5.0
invensys:wonderware_information_serverinvensys wonderware information servereq5.5

CPE	Name	Operator	Version
invensys:wonderware_information_server	invensys wonderware information server	eq	4.0
invensys:wonderware_information_server	invensys wonderware information server	eq	4.5
invensys:wonderware_information_server	invensys wonderware information server	eq	5.0
invensys:wonderware_information_server	invensys wonderware information server	eq	5.5