CVE-2014-2380
Schneider Electric Wonderware Information Server - Info Disclosure
Title source: llmDescription
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
References (3)
Core 3
Core References
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
Scores
EPSS
0.0014
EPSS Percentile
33.2%
Details
CWE
CWE-326
Status
published
Products (8)
invensys/wonderware_information_server
4.0 sp1 (2 CPE variants)
invensys/wonderware_information_server
4.5
invensys/wonderware_information_server
5.0
invensys/wonderware_information_server
5.5
Schneider Electric/Wonderware Information Server Portal
4.0 SP1
Schneider Electric/Wonderware Information Server Portal
4.5
Schneider Electric/Wonderware Information Server Portal
5.0
Schneider Electric/Wonderware Information Server Portal
5.5
Published
Aug 28, 2014
Tracked Since
Feb 18, 2026