Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
References
Link | Resource |
---|---|
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/ | Vendor Advisory |
http://www.securityfocus.com/bid/99469 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2017-06-30T00:00:00
Updated: 2018-05-19T09:57:01
Reserved: 2017-06-14T00:00:00
Link: CVE-2017-9637
JSON object: View
NVD Information
Status : Modified
Published: 2018-05-18T13:29:00.283
Modified: 2019-10-09T23:30:44.847
Link: CVE-2017-9637
JSON object: View
Redhat Information
No data.