Vulnerabilities > CVE-2014-2381 - Weak Encryption Security Weakness in Wonderware Information Server

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

invensys

NVD

Published: 2014-08-28

Updated: 2014-08-28

Summary

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. <a href="http://cwe.mitre.org/data/definitions/326.html" target="_blank">CWE-326: Inadequate Encryption Strength</a>

Vulnerable Configurations

Part	Description	Count
Application	Invensys Invensys Wonderware Information Server 4.0 Invensys Wonderware Information Server 4.5 Invensys Wonderware Information Server 5.0 Invensys Wonderware Information Server 5.5	5

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02