Sign-up

ID

VAR-201408-0102


CVE

CVE-2014-2381


TITLE

Schneider Electric Wonderware Information Server Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003982

DESCRIPTION

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Supplementary information : CWE Vulnerability type by CWE-326: Inadequate Encryption Strength ( Incorrect cipher strength ) Has been identified. http://cwe.mitre.org/data/definitions/326.htmlIf a third party reads the authentication information file, important information may be obtained. Invensys Wonderware Information Server is a graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. This may lead to other attacks. The program supports dashboards, pre-designed industrial activity reports, etc., and provides processes for analysis or write-back mechanisms

Trust: 2.7

sources: NVD: CVE-2014-2381 // JVNDB: JVNDB-2014-003982 // CNVD: CNVD-2014-05274 // BID: 69415 // IVD: 29212e84-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70320

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 29212e84-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05274

AFFECTED PRODUCTS

vendor:invensysmodel:wonderware information serverscope:eqversion:5.5

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:4.5

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:4.0

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:5.0

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:portal 4.0 sp1 to 5.5

Trust: 0.8

vendor:invensysmodel:wonderware information serverscope: - version: -

Trust: 0.6

vendor:wonderware information servermodel: - scope:eqversion:4.0

Trust: 0.4

vendor:invensysmodel:wonderware information server portalscope:eqversion:4.5

Trust: 0.3

vendor:invensysmodel:wonderware information server sp1scope:eqversion:4.0

Trust: 0.3

vendor:wonderware information servermodel: - scope:eqversion:4.5

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:5.0

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:5.5

Trust: 0.2

sources: IVD: 29212e84-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05274 // BID: 69415 // JVNDB: JVNDB-2014-003982 // CNNVD: CNNVD-201408-429 // NVD: CVE-2014-2381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2381
value: LOW

Trust: 1.0

NVD: CVE-2014-2381
value: LOW

Trust: 0.8

CNVD: CNVD-2014-05274
value: LOW

Trust: 0.6

CNNVD: CNNVD-201408-429
value: LOW

Trust: 0.6

IVD: 29212e84-2352-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-70320
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-2381
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05274
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 29212e84-2352-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70320
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 29212e84-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-05274 // VULHUB: VHN-70320 // JVNDB: JVNDB-2014-003982 // CNNVD: CNNVD-201408-429 // NVD: CVE-2014-2381

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003982 // NVD: CVE-2014-2381

THREAT TYPE

local

Trust: 0.9

sources: BID: 69415 // CNNVD: CNNVD-201408-429

TYPE

Design Error

Trust: 0.3

sources: BID: 69415

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003982

PATCH
title:Wonderware Information Serverurl:http://software.invensys.com/products/wonderware/production-information-management/information-server/
Trust: 0.8
title:Patch for Invensys Wonderware Information Server Weak Password Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/49398
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-05274 // 
            
            
            
            JVNDB: JVNDB-2014-003982

EXTERNAL IDS
db:NVDid:CVE-2014-2381
Trust: 3.7
db:ICS CERTid:ICSA-14-238-02
Trust: 3.4
db:BIDid:69415
Trust: 1.0
db:CNNVDid:CNNVD-201408-429
Trust: 0.9
db:CNVDid:CNVD-2014-05274
Trust: 0.8
db:JVNDBid:JVNDB-2014-003982
Trust: 0.8
db:IVDid:29212E84-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-70320
Trust: 0.1
db:PACKETSTORMid:128111
Trust: 0.1
sources:
            
            
            IVD: 29212e84-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-05274 // 
            
            
            
            VULHUB: VHN-70320 // 
            
            
            
            BID: 69415 // 
            
            
            
            JVNDB: JVNDB-2014-003982 // 
            
            
            
            PACKETSTORM: 128111 // 
            
            
            
            CNNVD: CNNVD-201408-429 // 
            
            
            
            NVD: CVE-2014-2381

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-238-02
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2381
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2381
Trust: 0.8
url:http://www.securityfocus.com/bid/69415
Trust: 0.6
url:http://global.wonderware.com/en/pages/wonderwareinformationserver.aspx
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-5398
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-5399
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-5397
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2381
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2380
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-05274 // 
            
            
            
            VULHUB: VHN-70320 // 
            
            
            
            BID: 69415 // 
            
            
            
            JVNDB: JVNDB-2014-003982 // 
            
            
            
            PACKETSTORM: 128111 // 
            
            
            
            CNNVD: CNNVD-201408-429 // 
            
            
            
            NVD: CVE-2014-2381

CREDITS
Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team
Trust: 0.3
sources:
            
            
            BID: 69415

SOURCES
db:IVDid:29212e84-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-05274
db:VULHUBid:VHN-70320
db:BIDid:69415
db:JVNDBid:JVNDB-2014-003982
db:PACKETSTORMid:128111
db:CNNVDid:CNNVD-201408-429
db:NVDid:CVE-2014-2381

LAST UPDATE DATE
2025-04-13T23:04:56.070000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05274date:2014-08-28T00:00:00
db:VULHUBid:VHN-70320date:2014-08-28T00:00:00
db:BIDid:69415date:2015-03-19T08:38:00
db:JVNDBid:JVNDB-2014-003982date:2014-08-29T00:00:00
db:CNNVDid:CNNVD-201408-429date:2014-08-29T00:00:00
db:NVDid:CVE-2014-2381date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:29212e84-2352-11e6-abef-000c29c66e3ddate:2014-08-28T00:00:00
db:CNVDid:CNVD-2014-05274date:2014-08-28T00:00:00
db:VULHUBid:VHN-70320date:2014-08-28T00:00:00
db:BIDid:69415date:2014-08-26T00:00:00
db:JVNDBid:JVNDB-2014-003982date:2014-08-29T00:00:00
db:PACKETSTORMid:128111date:2014-09-01T14:55:55
db:CNNVDid:CNNVD-201408-429date:2014-08-29T00:00:00
db:NVDid:CVE-2014-2381date:2014-08-28T01:55:03.200