Vulnerabilities > CVE-2014-2380 - Weak Encryption Security Weakness in Wonderware Information Server

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

invensys

NVD

Published: 2014-08-28

Updated: 2014-08-28

Summary

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. <a href="http://cwe.mitre.org/data/definitions/326.html" target="_blank">CWE-326: Inadequate Encryption Strength</a>

Vulnerable Configurations

Part	Description	Count
Application	Invensys Invensys Wonderware Information Server 4.0 Invensys Wonderware Information Server 4.5 Invensys Wonderware Information Server 5.0 Invensys Wonderware Information Server 5.5	5

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02