Invensys » Wonderware Information Server : Security Vulnerabilities, CVEs, Published In 2013
Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-05-09
Updated
2013-05-09
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
9.3
EPSS Score
0.21%
Published
2013-05-09
Updated
2013-05-09
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors.
Max CVSS
9.3
EPSS Score
0.30%
Published
2013-05-09
Updated
2013-05-09
SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.09%
Published
2013-05-09
Updated
2013-05-09
4 vulnerabilities found