Description
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
Vendor Advisory x_refsource_confirm
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99469
Scores
CVSS v3
3.9
EPSS
0.0004
EPSS Percentile
11.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-326
Status
published
Products (1)
schneider-electric/ampla_manufacturing_execution_system
< 6.4
Published
May 18, 2018
Tracked Since
Feb 18, 2026