39 matches found
EUVD-2014-5286
Malware in sbrugna...
EUVD-2014-5285
Malware in sbrugna...
EUVD-2014-5287
Malware in sbrugna...
EUVD-2013-0696
Malware in sbrugna...
CVE-2013-0686
Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in...
CVE-2013-0685
Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...
CVE-2013-0684
SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-5397
Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-5399
SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Design/Logic Flaw
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file...
Sql injection
SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-5399
CVE-2014-5399 corresponds to SQL injection vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Connected PT-2014-21 confirms multiple SQL injection flaws affecting WIS, with the vendor releasing updates to mitigate these issues. Affected products include Wonderware I...
CVE-2014-5398 Schneider Electric Wonderware Input Validation
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2014-5397
CVE-2014-5397 concerns multiple Cross-Site Scripting (XSS) vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Affected: WIS Portal versions 4.0 SP1 through 5.5. Root cause: improper input handling/encoding in the web portal frontend, allowing arbitrary web script or...
Schneider Electric Wonderware Vulnerabilities
OVERVIEW Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server WIS. Schneider Electric has produced an update that mitigates...
PT-2014-19: Multiple Cross-Site Scripting (XSS) vulnerabilities in Wonderware Information Server
The specialists of the Positive Research center have detected multiple Cross-Site Scripting vulnerabilities in Wonderware Information Server. WIS fails to validate, filter, or encode user input before returning it to a user’s web client, which allows remote attackers to inject arbitrary web scrip...
PT-2014-18: Weak encryption of account data in Wonderware Information Server
The specialists of the Positive Research center have detected a Weak encryption of account data vulnerability in Wonderware Information Server. Encryption of WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...
PT-2014-17: Weak encryption of account data in Wonderware Information Server
The specialists of the Positive Research center have detected a Weak encryption of account data vulnerability in Wonderware Information Server. Encryption of WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...
PT-2014-21: Multiple SQL injection vulnerabilities in Wonderware Information Server
The specialists of the Positive Research center have detected multiple SQL injection vulnerabilities in Wonderware Information Server. WIS is vulnerable to SQL Injection vulnerabilities by performing database operations that were unintended by the web application designer and, in some instances,...
CVE-2013-0688
Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...