Remote Code Execution in Pro-face GP-Pro EX Products from Pro-face
CVE-2016-2291

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Proface Gp-pro Ex Pfxexedls; Proface Gp-pro Ex Pfxexedv; Proface Gp-pro Ex Ex-ed; Proface Gp-pro Ex Pfxexgrpls
Vendor: CVE Published:; 6 April 2016

Summary

Pro-face GP-Pro EX software prior to version 4.05.000 exhibits a vulnerability that could permit remote attackers to execute arbitrary code or create a denial of service situation due to an out-of-bounds read. This issue is triggered through unspecified vectors, potentially exposing critical system functions to unauthorized control. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2016
Vulnerability Reserved
Feb 9, 2016