PT-2018-8513 · Schneider Electric · Ampla Mes

Ilya Karpov

Published

2018-05-18

Updated

2019-10-09

CVE-2017-9635

CVSS v3.1

3.9

Low

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Schneider Electric Ampla MES versions prior to 6.5

Description A weakness in the password hashing algorithm of Schneider Electric Ampla MES could be exploited to reverse a user's password when Simple Security is used.

Recommendations For versions prior to 6.5, upgrade to Ampla MES version 6.5 as soon as possible.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2017-9635

Affected Products

Ampla Mes

PT-2018-8513 · Schneider Electric · Ampla Mes

CVE-2017-9635

Weakness Enumeration

Related Identifiers

Affected Products

References · 5