11 matches found
EUVD-2014-2418
Malware in sbrugna...
CVE-2014-2381
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file...
CVE-2014-5398
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2014-5397
Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Sql injection
SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-2380
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1–5.5 is affected by Inadequate Encryption Strength (CWE-326). The vulnerability arises from weak encryption of credential data, enabling remote attackers to read a credential file and obtain sensitive information. Some sources a...
CVE-2014-5399
CVE-2014-5399 corresponds to SQL injection vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Connected PT-2014-21 confirms multiple SQL injection flaws affecting WIS, with the vendor releasing updates to mitigate these issues. Affected products include Wonderware I...
CVE-2014-5397 Schneider Electric Wonderware Cross-site Scripting
Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-2381 Schneider Electric Wonderware Inadequate Encryption Strength
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file...
CVE-2014-5397
CVE-2014-5397 concerns multiple Cross-Site Scripting (XSS) vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Affected: WIS Portal versions 4.0 SP1 through 5.5. Root cause: improper input handling/encoding in the web portal frontend, allowing arbitrary web script or...