CVE-2017-9635

EPSS 0.04%
Published 18.05.2018 13:29:00
Last modified 21.11.2024 03:36:33
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Ampla Manufacturing Execution System Version <= 6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.9	0.5	3.4	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/

Vendor Advisory

http://www.securityfocus.com/bid/99469

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-9635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9635

EUVD