CVE-2014-5397 Schneider Electric Wonderware Cross-site Scripting

🗓️ 28 Aug 2014 01:00:00Reported by icscertType

Schneider Electric WIS Portal XSS vulnerability

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2014-5397	28 Aug 201401:00	–	cve
EUVD	EUVD-2014-5285	7 Oct 202500:30	–	euvd
ICS	Schneider Electric Wonderware Vulnerabilities	29 May 201406:00	–	ics
NVD	CVE-2014-5397	28 Aug 201401:55	–	nvd
Prion	Cross site scripting	28 Aug 201401:55	–	prion
Positive Technologies	PT-2014-19: Multiple Cross-Site Scripting (XSS) vulnerabilities in Wonderware Information Server	1 Apr 201400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Wonderware Information Server Portal",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "4.0 SP1"
      },
      {
        "status": "affected",
        "version": "4.5"
      },
      {
        "status": "affected",
        "version": "5.0"
      },
      {
        "status": "affected",
        "version": "5.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-14-238-02

31 Oct 2025 23:14Current

5.6Medium risk

Vulners AI Score5.6

CVSS 27.5

EPSS0.00397

CWE-79