Back to search
CVE-2017-9637
Published: May 18, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
| Vendor | Product | Versions |
|---|---|---|
Schneider Electric SE | Ampla MES | affected versions 6.4 and prior |
Weaknesses (CWE)
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
x_refsource_MISC
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/
x_refsource_CONFIRM
99469
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now