Description
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
Vendor Advisory x_refsource_confirm
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000118/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99469
Scores
CVSS v3
4.1
EPSS
0.0003
EPSS Percentile
9.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
CWE-522
Status
published
Products (1)
schneider-electric/ampla_manufacturing_execution_system
< 6.4
Published
May 18, 2018
Tracked Since
Feb 18, 2026