Vulnerability Description
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invensys | Wonderware Information Server | 4.0 |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-23
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
- http://www.securityfocus.com/bid/69418
- https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02US Government Resource
FAQ
What is CVE-2014-5397?
CVE-2014-5397 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspeci...
How severe is CVE-2014-5397?
CVE-2014-5397 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5397?
Check the references section above for vendor advisories and patch information. Affected products include: Invensys Wonderware Information Server.