Schneider Electric Wonderware Vulnerabilities

CVSS 7.8 HIGH

CVEs (5)

CVE-2014-2381 CVE-2014-2380 CVE-2014-5397 CVE-2014-5398 CVE-2014-5399

Schneider Electric has created an update for WIS web pages and components to address the vulnerabilities listed in this advisory. Customers using all versions of WIS are affected and should upgrade to WIS Version 5.5 and then apply the security update.
Customers using the affected versions of WIS should set the security level settings in the Internet browser to “Medium – High” to minimize the risks presented by these vulnerabilities. In addition, the Wonderware Information Server Portal can be configured to use HTTPS that will require additional steps as documented in the products user documentation.
Schneider Electric has released a security bulletin titled “Multiple Vulnerabilities in Wonderware Information Server LFSEC00000102” to announce the security update, which is available at the following location: (https://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000102.pdf)

Schneider Electric

Schneider Electric · Wonderware Information Server Portal 4.0_SP1

Schneider Electric · Wonderware Information Server Portal 4.5

Schneider Electric · Wonderware Information Server Portal 5.0

Schneider Electric · Wonderware Information Server Portal 5.5

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.