CVE-2017-9637 Vulnerability Details

  /     /     /  

CVE-2017-9637 Metadata Quick Info

CVE Published: 18/05/2018 | CVE Updated: 17/09/2024 | CVE Year: 2017
Source: icscert | Vendor: Schneider Electric SE | Product: Ampla MES
Status : PUBLISHED

---

CVE-2017-9637 Description

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-319
CWE Name: Cleartext transmission of sensitive information CWE-319
Source: Schneider Electric SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).