CVE-2014-5398 Schneider Electric Wonderware Input Validation

🗓️ 28 Aug 2014 01:00:00Reported by icscertType

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 XML External Entity (XXE) vulnerability

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2014-5398	28 Aug 201401:00	–	cve
EUVD	EUVD-2014-5286	7 Oct 202500:30	–	euvd
ICS	Schneider Electric Wonderware Vulnerabilities	29 May 201406:00	–	ics
NVD	CVE-2014-5398	28 Aug 201401:55	–	nvd
Prion	Xxe	28 Aug 201401:55	–	prion
Positive Technologies	PT-2014-20: XML External Entities Resolution vulnerability in Wonderware Information Server	1 Apr 201400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Wonderware Information Server Portal",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "4.0 SP1"
      },
      {
        "status": "affected",
        "version": "4.5"
      },
      {
        "status": "affected",
        "version": "5.0"
      },
      {
        "status": "affected",
        "version": "5.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-14-238-02

31 Oct 2025 23:16Current

6.8Medium risk

Vulners AI Score6.8

CVSS 22.1

EPSS0.00309

CWE-20

schneider electric; wonderware information server; xml external entity; xxe; vulnerability; cve-2014-5398