CVE-2017-9637

4.1MEDIUM

Key Information:

Vendor
Schneider Electric
Status
Ampla Mes
Vendor
CVE Published:
18 May 2018

Summary

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Affected Version(s)

Ampla MES versions 6.4 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
x_refsource_MISC
http://software.schneider-electric.com/pdf/security-bulle...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99469
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.