Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-5286

Malware in sbrugna...

2.1CVSS6.4AI score0.00565EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-5285

Malware in sbrugna...

4.3CVSS6.4AI score0.01512EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-5287

Malware in sbrugna...

7.5CVSS6.4AI score0.01587EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0696

Malware in sbrugna...

9.3CVSS6.4AI score0.03287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.11 views

CVE-2013-0686

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in...

9.3CVSS7.2AI score0.02078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.7 views

CVE-2013-0685

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...

9.3CVSS8.2AI score0.03287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.7 views

CVE-2013-0684

SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.8AI score0.0126EPSS
Exploits0References1
NVD
NVD
added 2014/08/28 1:55 a.m.14 views

CVE-2014-5397

Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

7.5CVSS5.7AI score0.01512EPSS
Exploits0References4
NVD
NVD
added 2014/08/28 1:55 a.m.17 views

CVE-2014-5399

SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.3AI score0.01587EPSS
Exploits0References4
Prion
Prion
added 2014/08/28 1:55 a.m.17 views

Design/Logic Flaw

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file...

7.8CVSS6.6AI score0.00752EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2014/08/28 1:55 a.m.13 views

Sql injection

SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS9AI score0.01587EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/08/28 1:0 a.m.43 views

CVE-2014-5399

CVE-2014-5399 corresponds to SQL injection vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Connected PT-2014-21 confirms multiple SQL injection flaws affecting WIS, with the vendor releasing updates to mitigate these issues. Affected products include Wonderware I...

7.5CVSS8.6AI score0.01587EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/08/28 1:0 a.m.13 views

CVE-2014-5398 Schneider Electric Wonderware Input Validation

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

2.1CVSS6.8AI score0.00565EPSS
Exploits0References2
CVE
CVE
added 2014/08/28 1:0 a.m.45 views

CVE-2014-5397

CVE-2014-5397 concerns multiple Cross-Site Scripting (XSS) vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Affected: WIS Portal versions 4.0 SP1 through 5.5. Root cause: improper input handling/encoding in the web portal frontend, allowing arbitrary web script or...

7.5CVSS5.8AI score0.01512EPSS
Exploits0References4Affected Software1
ICS
ICS
added 2014/05/29 6:0 a.m.64 views

Schneider Electric Wonderware Vulnerabilities

OVERVIEW Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server WIS. Schneider Electric has produced an update that mitigates...

7.8CVSS7.5AI score0.01587EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2014/04/01 12:0 a.m.7 views

PT-2014-19: Multiple Cross-Site Scripting (XSS) vulnerabilities in Wonderware Information Server

The specialists of the Positive Research center have detected multiple Cross-Site Scripting vulnerabilities in Wonderware Information Server. WIS fails to validate, filter, or encode user input before returning it to a user’s web client, which allows remote attackers to inject arbitrary web scrip...

4.3CVSS6.4AI score0.01512EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/04/01 12:0 a.m.8 views

PT-2014-18: Weak encryption of account data in Wonderware Information Server

The specialists of the Positive Research center have detected a Weak encryption of account data vulnerability in Wonderware Information Server. Encryption of WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...

2.1CVSS6.5AI score0.00145EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/04/01 12:0 a.m.14 views

PT-2014-17: Weak encryption of account data in Wonderware Information Server

The specialists of the Positive Research center have detected a Weak encryption of account data vulnerability in Wonderware Information Server. Encryption of WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...

7.8CVSS6.5AI score0.00752EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/04/01 12:0 a.m.8 views

PT-2014-21: Multiple SQL injection vulnerabilities in Wonderware Information Server

The specialists of the Positive Research center have detected multiple SQL injection vulnerabilities in Wonderware Information Server. WIS is vulnerable to SQL Injection vulnerabilities by performing database operations that were unintended by the web application designer and, in some instances,...

10CVSS8.4AI score0.01587EPSS
Exploits0References4
NVD
NVD
added 2013/05/09 12:31 p.m.22 views

CVE-2013-0688

Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01012EPSS
Exploits0References1
Rows per page
Query Builder