PT-2018-8514 · Schneider Electric · Ampla Mes

Published

2018-05-18

Updated

2019-10-09

CVE-2017-9637

CVSS v3.1

4.1

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric Ampla MES versions 6.4 and prior

Description The issue allows an attacker to potentially sniff details from the connection string when connectivity to third-party databases is configured to use a SQL user name and password.

Recommendations For Schneider Electric Ampla MES versions 6.4 and prior, upgrade to Ampla MES version 6.5 as soon as possible.

Fix

Insufficiently Protected Credentials

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-319

Related Identifiers

CVE-2017-9637

Affected Products

Ampla Mes

PT-2018-8514 · Schneider Electric · Ampla Mes

CVE-2017-9637

Weakness Enumeration

Related Identifiers

Affected Products

References · 5