← voltar
CVE-2017-9637

CVE-2017-9637

EPSS 0.2%CWE-319
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 mai 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
Produtos afetados
Schneider Electric SE · Ampla MES

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/http://www.securityfocus.com/bid/99469