CVE-2014-5399

Опубликовано: 28 авг. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Ссылки

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
http://www.securityfocus.com/bid/69416
https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:portal:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:4.5:-:portal:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:5.0:-:portal:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:5.5:*:*:*:portal:*:*:*

EPSS

Процентиль: 58%

0.0037

Низкий

7.5 High

CVSS2

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5h5j-vrcw-6p8p

github

больше 3 лет назад

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

EPSS

Процентиль: 58%

0.0037

Низкий

7.5 High

CVSS2

7.5 High

CVSS2

Дефекты

CWE-89