CVE-2014-2381

Description

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Affected products

• Schneider Electric / Wonderware Information Server Portal4.0 SP1 – 4.0 SP1
• Schneider Electric / Wonderware Information Server Portal4.5 – 4.5
• Schneider Electric / Wonderware Information Server Portal5.0 – 5.0
• Schneider Electric / Wonderware Information Server Portal5.5 – 5.5

References

• VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
• MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json