CVE-2017-9637

EPSS 0.2%CWE-319

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 May 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Affected products

Schneider Electric SE · Ampla MES

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05 http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/http://www.securityfocus.com/bid/99469