Vulnerabilities > Invensys > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-28 | CVE-2014-5399 | SQL Injection vulnerability in Invensys Wonderware Information Server SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-08-28 | CVE-2014-2380 | Weak Encryption Security Weakness in Wonderware Information Server Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. | 7.8 |
| 2013-05-09 | CVE-2013-0684 | SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2012-04-02 | CVE-2012-0228 | Permissions, Privileges, and Access Controls vulnerability in Invensys Wonderware Information Server 4.0/4.5 Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | 7.5 |
| 2012-04-02 | CVE-2012-0226 | SQL Injection vulnerability in Invensys Wonderware Information Server 4.0/4.5 SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |