CVE-2017-9635

LOW

3.9CVSS v3

1.9CVSS v2

0.04% EPSS (exploit probability)

CWE-326CWE

Description

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

CVSS v3 vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE