Description
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References (4)
Core 4
Core References
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/69416
Scores
EPSS
0.0037
EPSS Percentile
58.9%
Details
CWE
CWE-89
Status
published
Products (8)
invensys/wonderware_information_server
4.0 sp1 (2 CPE variants)
invensys/wonderware_information_server
4.5
invensys/wonderware_information_server
5.0
invensys/wonderware_information_server
5.5
Schneider Electric/Wonderware Information Server Portal
4.0 SP1
Schneider Electric/Wonderware Information Server Portal
4.5
Schneider Electric/Wonderware Information Server Portal
5.0
Schneider Electric/Wonderware Information Server Portal
5.5
Published
Aug 28, 2014
Tracked Since
Feb 18, 2026