github - ghsa-mmx7-9c9c-w6wv

GHSA-MMX7-9C9C-W6WV

Vulnerability from github – Published: 2022-05-17 04:38 – Updated: 2025-11-01 00:30

Details

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-28T01:55:00Z",
    "severity": "LOW"
  },
  "details": "Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.",
  "id": "GHSA-mmx7-9c9c-w6wv",
  "modified": "2025-11-01T00:30:25Z",
  "published": "2022-05-17T04:38:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-2381 (GCVE-0-2014-2381)

Vulnerability from cvelistv5 – Published: 2014-08-28 01:00 – Updated: 2025-10-31 23:19

Summary

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Severity ?

No CVSS data available.

CWE

CWE-326

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	Schneider Electric	Wonderware Information Server Portal	Affected: 4.0 SP1 Affected: 4.5 Affected: 5.0 Affected: 5.5

Credits

Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wonderware Information Server Portal",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "4.0 SP1"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.5"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:schneider_electric:wonderware_information_server_portal:4.0_sp1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:schneider_electric:wonderware_information_server_portal:4.5:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:schneider_electric:wonderware_information_server_portal:5.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:schneider_electric:wonderware_information_server_portal:5.5:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team"
        }
      ],
      "datePublic": "2014-08-26T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file."
            }
          ],
          "value": "Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T23:19:54.894Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSchneider Electric has created an update for WIS web pages and \ncomponents to address the vulnerabilities listed in this advisory. \nCustomers using all versions of WIS are affected and should upgrade to \nWIS Version 5.5 and then apply the security update.\u003c/p\u003e\n\u003cp\u003eCustomers using the affected versions of WIS should set the security \nlevel settings in the Internet browser to \u201cMedium \u2013 High\u201d to minimize \nthe risks presented by these vulnerabilities. In addition, the \nWonderware Information Server Portal can be configured to use HTTPS that\n will require additional steps as documented in the products user \ndocumentation.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has released a security bulletin titled \u201cMultiple \nVulnerabilities in Wonderware Information Server LFSEC00000102\u201d to \nannounce the security update, which is available at the following \nlocation:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000102.pdf\"\u003ehttps://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000102.pdf\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Schneider Electric has created an update for WIS web pages and \ncomponents to address the vulnerabilities listed in this advisory. \nCustomers using all versions of WIS are affected and should upgrade to \nWIS Version 5.5 and then apply the security update.\n\n\nCustomers using the affected versions of WIS should set the security \nlevel settings in the Internet browser to \u201cMedium \u2013 High\u201d to minimize \nthe risks presented by these vulnerabilities. In addition, the \nWonderware Information Server Portal can be configured to use HTTPS that\n will require additional steps as documented in the products user \ndocumentation.\n\n\nSchneider Electric has released a security bulletin titled \u201cMultiple \nVulnerabilities in Wonderware Information Server LFSEC00000102\u201d to \nannounce the security update, which is available at the following \nlocation:\n\n\n https://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000102.pdf"
        }
      ],
      "source": {
        "advisory": "ICSA-14-238-02",
        "discovery": "EXTERNAL"
      },
      "title": "Schneider Electric Wonderware Inadequate Encryption Strength",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2380",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2381",
    "datePublished": "2014-08-28T01:00:00",
    "dateReserved": "2014-03-13T00:00:00",
    "dateUpdated": "2025-10-31T23:19:54.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-MMX7-9C9C-W6WV

CVE-2014-2381 (GCVE-0-2014-2381)

Tags

Sightings

Nomenclature