CVE-2017-9635

Published: May 18, 2018Modified: Nov 21, 2024

3.9

Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 0.5 / Impact: 3.4

Source: NVD

Description

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Affected (1)

Products: Schneider Electric: Ampla Manufacturing Execution System

Schneider Electric

1 product

Ampla Manufacturing Execution System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ampla Manufacturing Execution System	Up to 6.4

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (6)

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/

Source: ics-cert@hq.dhs.gov

Vendor Advisory

http://www.securityfocus.com/bid/99469

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/99469

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.