CVE-2014-2380 Schneider Electric Wonderware Inadequate Encryption Strength

🗓️ 28 Aug 2014 01:00:00Reported by icscertType

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 has weak encryption allowing remote attackers to obtain sensitive information

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2014-2380	28 Aug 201401:00	–	cve
EUVD	EUVD-2014-2417	7 Oct 202500:30	–	euvd
ICS	Schneider Electric Wonderware Vulnerabilities	29 May 201406:00	–	ics
NVD	CVE-2014-2380	28 Aug 201401:55	–	nvd
Prion	Design/Logic Flaw	28 Aug 201401:55	–	prion
Positive Technologies	PT-2014-17: Weak encryption of account data in Wonderware Information Server	1 Apr 201400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Wonderware Information Server Portal",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "4.0 SP1"
      },
      {
        "status": "affected",
        "version": "4.5"
      },
      {
        "status": "affected",
        "version": "5.0"
      },
      {
        "status": "affected",
        "version": "5.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-14-238-02

31 Oct 2025 23:11Current

6.1Medium risk

Vulners AI Score6.1

CVSS 27.8

EPSS0.00137

CWE-326