GCVE - cpe:2.3:a:invensys:wonderware_information

Approved changes feed: RSS · Atom

cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:portal:*:*:*

part: a version: 4.0 update: sp1

Vendor	Invensys (`71736450-6408-5b87-8efb-79f5d5ed779e`)
Product	Wonderware Information Server (`77ef1dcf-b77c-57f6-872e-cf61f43cce22`)
Edition	*
Language	*
Software edition	portal
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-5399`	vulnerable	2026-06-03 14:34:06.351615	Schneider Electric Wonderware SQL Injection SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: 2014-08-28T01:00:00.000Z Updated: 2025-10-31T23:17:37.919Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5398`	vulnerable	2026-06-03 14:34:06.351081	Schneider Electric Wonderware Input Validation Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: 2014-08-28T01:00:00.000Z Updated: 2025-10-31T23:16:04.348Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5397`	vulnerable	2026-06-03 14:34:06.348939	Schneider Electric Wonderware Cross-site Scripting Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-08-28T01:00:00.000Z Updated: 2025-10-31T23:14:04.849Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2381`	vulnerable	2026-06-03 14:33:50.775446	Schneider Electric Wonderware Inadequate Encryption Strength Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Published: 2014-08-28T01:00:00.000Z Updated: 2025-10-31T23:19:54.894Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2380`	vulnerable	2026-06-03 14:33:50.773116	Schneider Electric Wonderware Inadequate Encryption Strength Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Published: 2014-08-28T01:00:00.000Z Updated: 2025-10-31T23:11:04.615Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Wonderware Information Server

PURL mappings

Vulnerability references

Contribute