The following Schneider Electric WIS versions are affected:
- Wonderware Information Server 4.0 SP1 Portal,
- Wonderware Information Server 4.5 Portal,
- Wonderware Information Server 5.0 Portal, and
- Wonderware Information Server 5.5 Portal.
CVE-2014-2381 & CVE-2014-2380/Local & Web & SQL/Weak encryption & hardcoded accounts
CVE-2014-5397/Web/Lot of XSS
CVE-2014-5398/Web/XXE OOB
CVE-2014-5399/Web/SQLi & RCE
Kudos: Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov.
ICS CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
Enjoy
No comments:
Post a Comment