Invensys Wonderware Information Server — known CVE vulnerabilities
Every CVE whose affected-product data names Invensys Wonderware Information Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2011-2962 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a…
CVE-2013-0685 — CVSS 9.3 (critical): Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values…
CVE-2013-0686 — CVSS 9.3 (critical): Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send…
CVE-2014-2380 — CVSS 7.8 (high): Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to…
CVE-2012-0226 — CVSS 7.5 (high): SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL…
CVE-2013-0684 — CVSS 7.5 (high): SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote…
CVE-2014-5399 — CVSS 7.5 (high): SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to…
CVE-2014-5397 — CVSS 7.5 (high): Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote…
CVE-2012-0228 — CVSS 7.5 (high): Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass…
CVE-2012-3005 — CVSS 6.9 (medium): Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware…
CVE-2012-0257 — CVSS 6.8 (medium): Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server…
CVE-2012-0258 — CVSS 6.8 (medium): Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server…
CVE-2012-0225 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject…
CVE-2013-0688 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows…
CVE-2014-2381 — CVSS 2.1 (low): Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain…
CVE-2014-5398 — CVSS 2.1 (low): Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause…