CVE-2014-2381

2014-08-2801:55:03

[email protected]

web.nvd.nist.gov

schneider electric

wonderware

information server

wis

portal

weak encryption

local users

sensitive information

credential file

cve-2014-2381

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Affected configurations

NVD

Node

invensyswonderware_information_serverMatch4.0sp1

invensyswonderware_information_serverMatch4.0sp1portal

invensyswonderware_information_serverMatch4.5-portal

invensyswonderware_information_serverMatch5.0-portal

invensyswonderware_information_serverMatch5.5portal

CPENameOperatorVersion
invensys:wonderware_information_serverinvensys wonderware information servereq4.0
invensys:wonderware_information_serverinvensys wonderware information servereq4.5
invensys:wonderware_information_serverinvensys wonderware information servereq5.0
invensys:wonderware_information_serverinvensys wonderware information servereq5.5

CPE	Name	Operator	Version
invensys:wonderware_information_server	invensys wonderware information server	eq	4.0
invensys:wonderware_information_server	invensys wonderware information server	eq	4.5
invensys:wonderware_information_server	invensys wonderware information server	eq	5.0
invensys:wonderware_information_server	invensys wonderware information server	eq	5.5