CVE-2017-9635

LOW Year: 2017
CVSS v3 Score
3.9
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-326
View all →

Vulnerability Description

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

Related Vulnerabilities

CVE-2018-1785

LOW
CVSS:3.7(Low)

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

CWE-3262018

CVE-2020-25685

LOW
CVSS:3.7(Low)

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only us...

CWE-3262020

CVE-2021-38984

LOW
CVSS:3.7(Low)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 21279...

CWE-3262021

CVE-2018-19001

MEDIUM
CVSS:4.3(Medium)

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

CWE-3262018

CVE-2022-2582

MEDIUM
CVSS:4.3(Medium)

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attack...

CWE-3262022

CVE-2016-3034

MEDIUM
CVSS:4.4(Medium)

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

CWE-3262016