Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
References
Link | Resource |
---|---|
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/ | Vendor Advisory |
http://www.securityfocus.com/bid/99469 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2017-06-30T00:00:00
Updated: 2018-05-19T09:57:01
Reserved: 2017-06-14T00:00:00
Link: CVE-2017-9635
JSON object: View
NVD Information
Status : Modified
Published: 2018-05-18T13:29:00.223
Modified: 2019-10-09T23:30:44.597
Link: CVE-2017-9635
JSON object: View
Redhat Information
No data.
CWE