CVE-2014-5398

CVE-2014-5398: Schneider Electric Wonderware Input Validation

Vendor Schneider Electric

Product Wonderware Information Server Portal

Weakness CWE-20 · Input validation

Published August 28, 2014

Last update October 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Key dates

02Disclosure timeline

August 28, 2014 CVE published

October 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2014-5398 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2014-5398

CWE CWE-20

Affected versions

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 4.0 SP1

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 4.5

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 5.0

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 5.5

CVE-2014-5398: Schneider Electric Wonderware Input Validation

01Description

02Disclosure timeline

03References

04Related CVE