SQL Injection Vulnerability in Schneider Electric's Ampla MES Product
CVE-2017-9637

4.1MEDIUM

Key Information:

Vendor

Schneider Electric
Status
Ampla Mes
Vendor
CVE Published:
18 May 2018

What is CVE-2017-9637?

The SQL injection vulnerability in Schneider Electric's Ampla MES 6.4 allows attackers to compromise the security of data transmitted via a connection string. By utilizing a SQL username and password, an attacker could potentially intercept sensitive information related to third-party database interactions. Schneider Electric urges all users of Ampla MES versions 6.4 and earlier to upgrade to version 6.5 to mitigate this risk and enhance their overall data security.

Affected Version(s)

Ampla MES versions 6.4 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
x_refsource_MISC
http://software.schneider-electric.com/pdf/security-bulle...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99469
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.