cvedb.io
CVE-2017-9637
MEDIUM · CVSS 4.1
EPSS exploitation probability: 0%
Published 2018-05-18T13:29:00.283 · Last modified 2026-06-17T01:28:38.053

Summary

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Affected products

schneider-electric — ampla_manufacturing_execution_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when schneider-electric ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.