CVE-2014-5399

EUVD-2014-5287
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
invensyswonderware_information_server
4.0:sp1
invensyswonderware_information_server
4.0:sp1
invensyswonderware_information_server
4.5
invensyswonderware_information_server
5.0
invensyswonderware_information_server
5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-238-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-14-238-02
http://www.securityfocus.com/bid/69416
https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02