PT-2018-8514 · Schneider Electric · Ampla Mes

Publicado

2018-05-18

·

Atualizado

2019-10-09

·

CVE-2017-9637

CVSS v3.1

4.1

Média

VetorAV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Schneider Electric Ampla MES versions 6.4 and prior
Description The issue allows an attacker to potentially sniff details from the connection string when connectivity to third-party databases is configured to use a SQL user name and password.
Recommendations For Schneider Electric Ampla MES versions 6.4 and prior, upgrade to Ampla MES version 6.5 as soon as possible.

Correção

Insufficiently Protected Credentials

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-319

Identificadores relacionados

CVE-2017-9637

Produtos afetados

Ampla Mes