|
257141
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2014-08-29 00:22 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257142
|
- |
|
invensys
|
wonderware_information_server
|
Per: https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
"WIS may allow access to local resources (files and internal resources) via unsafe parsing of XML external entities. By using specially cr…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2014-08-29 00:22 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257143
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
|
NVD-CWE-Other
|
CVE-2014-2381
|
2014-08-29 00:07 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257144
|
- |
|
invensys
|
wonderware_information_server
|
<a href="http://cwe.mitre.org/data/definitions/326.html" target="_blank">CWE-326: Inadequate Encryption Strength</a>
|
NVD-CWE-Other
|
CVE-2014-2381
|
2014-08-29 00:07 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257145
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
|
NVD-CWE-Other
|
CVE-2014-2380
|
2014-08-29 00:01 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257146
|
- |
|
invensys
|
wonderware_information_server
|
<a href="http://cwe.mitre.org/data/definitions/326.html" target="_blank">CWE-326: Inadequate Encryption Strength</a>
|
NVD-CWE-Other
|
CVE-2014-2380
|
2014-08-29 00:01 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257147
|
- |
|
qeiinc
|
epaq-9410_substation_gateway
|
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.
|
CWE-20
Improper Input Validation
|
CVE-2014-0762
|
2014-08-28 23:03 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257148
|
- |
|
qeiinc
|
epaq-9410_substation_gateway
|
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
|
CWE-20
Improper Input Validation
|
CVE-2014-0761
|
2014-08-28 23:01 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257149
|
- |
|
little_kernel_project
|
little_kernel_bootloader
|
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows…
|
CWE-287
Improper Authentication
|
CVE-2014-4325
|
2014-08-28 10:35 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257150
|
- |
|
schrack
|
technik_microcontrol_firmware
technik_microcontrol
|
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access …
|
NVD-CWE-Other
|
CVE-2014-5396
|
2014-08-28 09:44 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
