Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.