Filtered by vendor Invensys Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-0225 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0226 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5398 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5399 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5397 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2381 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
CVE-2014-2380 1 Invensys 1 Wonderware Information Server 2024-08-06 N/A
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.