CVE-2017-9637

MEDIUM Year: 2017
CVSS v3 Score
4.1
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-319
View all →

Vulnerability Description

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Related Vulnerabilities

CVE-2023-45716

MEDIUM
CVSS:4.1(Medium)

Sametime is impacted by sensitive information passed in URL.

CWE-3192023

CVE-2025-32793

MEDIUM
CVSS:4.0(Medium)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard trans...

CWE-3192025

CVE-2019-8345

MEDIUM
CVSS:4.2(Medium)

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an ...

CWE-3192019

CVE-2018-11399

MEDIUM
CVSS:4.3(Medium)

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occu...

CWE-3192018

CVE-2019-10732

MEDIUM
CVSS:4.3(Medium)

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019

CVE-2019-10734

MEDIUM
CVSS:4.3(Medium)

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019