Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 up to and including 5.5 allows remote malicious users to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invensys wonderware information server 4.5 |
||
invensys wonderware information server 5.0 |
||
invensys wonderware information server 4.0 |
||
invensys wonderware information server 5.5 |