Skip to main content

Wonderware Information Server

15 CVEs product

Monthly

CVE-2014-5399 HIGH This Week

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric SQLi Wonderware Information Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5398 LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric XXE Denial Of Service Wonderware Information Server
NVD GitHub
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-5397 HIGH This Week

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schneider Electric Wonderware Information Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-2381 LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-2380 HIGH This Week

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
CVSS 2.0
7.8
EPSS
0.1%
CVE-2013-0688 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Wonderware Information Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0686 CRITICAL Act Now

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service XXE Wonderware Information Server
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-0685 CRITICAL Act Now

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service RCE Wonderware Information Server
NVD
CVSS 2.0
9.3
EPSS
1.9%
CVE-2013-0684 HIGH This Week

SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wonderware Information Server
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-3005 MEDIUM This Month

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Foxboro Control Software Infusion Ce Fe Scada Intouch Intouch Wonderware Application Server +3
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-0258 MEDIUM This Month

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Archestra Application Object Toolkit Foxboro Control Software Infusion Control Edition +5
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2012-0257 MEDIUM This Month

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Archestra Application Object Toolkit Foxboro Control Software Infusion Control Edition +5
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2012-0228 HIGH This Week

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wonderware Information Server
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-0226 HIGH This Week

SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wonderware Information Server
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-0225 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Wonderware Information Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric SQLi Wonderware Information Server
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric XXE Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schneider Electric Wonderware Information Server
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Wonderware Information Server
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service XXE Wonderware Information Server
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wonderware Information Server
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Foxboro Control Software Infusion Ce Fe Scada +5
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Archestra Application Object Toolkit +7
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Archestra Application Object Toolkit +7
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wonderware Information Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wonderware Information Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Wonderware Information Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy