CVE-2014-5398 Information

Description

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02