Vulnerabilities > Invensys > Wonderware Information Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-05-09 | CVE-2013-0685 | Permissions, Privileges, and Access Controls vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. | 9.3 |
| 2013-05-09 | CVE-2013-0686 | Improper Input Validation vulnerability in Invensys Wonderware Information Server 4.0/4.5/5.0 Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 9.3 |
| 2011-07-29 | CVE-2011-2962 | Buffer Errors vulnerability in Invensys Wonderware Information Server 3.1/4.0 Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. | 9.3 |