CVE-2014-5398

Summary

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricWonderware Information Server Portal4.0 SP1affected
Schneider ElectricWonderware Information Server Portal4.5affected
Schneider ElectricWonderware Information Server Portal5.0affected
Schneider ElectricWonderware Information Server Portal5.5affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References