Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
BID:69414
Info
Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
| Bugtraq ID: | 69414 |
| Class: | Design Error |
| CVE: |
CVE-2014-2380 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 26 2014 12:00AM |
| Updated: | Mar 19 2015 09:12AM |
| Credit: | Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team |
| Vulnerable: |
Invensys Wonderware Information Server 4.5 Portal Invensys Wonderware Information Server 4.0 SP1 |
| Not Vulnerable: | |
Discussion
Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
Wonderware Information Server is prone to a security weakness that may allow attackers to obtain sensitive information.
Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks.
Wonderware Information Server is prone to a security weakness that may allow attackers to obtain sensitive information.
Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks.
Exploit / POC
Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
An attacker can use readily available utilities to exploit this issue.
An attacker can use readily available utilities to exploit this issue.
Solution / Fix
Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
Solution:
Updates are available. Please see the references or vendor advisory for more information
Solution:
Updates are available. Please see the references or vendor advisory for more information
References
Wonderware Information Server CVE-2014-2380 Weak Encryption Security Weakness
References:
References: