CVE-2014-5399

Description

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

• Schneider Electric / Wonderware Information Server Portal4.0 SP1 – 4.0 SP1
• Schneider Electric / Wonderware Information Server Portal4.5 – 4.5
• Schneider Electric / Wonderware Information Server Portal5.0 – 5.0
• Schneider Electric / Wonderware Information Server Portal5.5 – 5.5

References

• VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
• MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json