Vulnerabilities related to Schneider Electric - Pro-face GP-Pro EX
var-202308-2035
Vulnerability from variot

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. Schneider Electric Pro-Face GP-Pro EX contains a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from the French Schneider Electric company.

Schneider Electric Pro-face GP-Pro EX has a buffer overflow vulnerability



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2035",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro-face gp-pro ex",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.09.500"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.09.500"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric pro-face gp-pro ex",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "4.09.500"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "cve": "CVE-2023-3953",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2023-64088",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2023-3953",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2023-3953",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-3953",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "cybersecurity@se.com",
            "id": "CVE-2023-3953",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-3953",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-64088",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX. Schneider Electric of Pro-Face GP-Pro EX Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from the French Schneider Electric company. \n\r\n\r\nSchneider Electric Pro-face GP-Pro EX has a buffer overflow vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-3953",
        "trust": 3.3
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2023-220-01",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "id": "VAR-202308-2035",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:36:42.568000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patches for Schneider Electric GP-Pro EX Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/452181"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-220-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-220-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3953"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/prestashop/prestashop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "date": "2023-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "date": "2023-08-09T15:15:09.623000",
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "date": "2023-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "date": "2024-01-19T06:25:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "date": "2023-08-15T15:40:42.007000",
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider\u00a0Electric\u00a0 of \u00a0Pro-Face\u00a0GP-Pro\u00a0EX\u00a0 Buffer error vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      }
    ],
    "trust": 0.8
  }
}

var-201709-1078
Vulnerability from variot

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load an arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Pro-face GP-Pro EX is the development software for the Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series and SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. Pro-face GP-Pro EX 4.07.000 is vulnerable.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-1078",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro-face gp pro ex",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "4.07.000"
      },
      {
        "model": "gp pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.07.000"
      },
      {
        "model": "electric pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "4.07.000"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.7"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.7.100"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pro face gp pro ex",
        "version": "4.07.000"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:pro-face_gp_pro_ex",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen",
    "sources": [
      {
        "db": "BID",
        "id": "100114"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9961",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-9961",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2017-22834",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.9,
            "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-9961",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9961",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9961",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22834",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1087",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability exists in Schneider Electric\u0027s Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. \nPro-face GP-Pro EX 4.07.000 is vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9961",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "100114",
        "trust": 1.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2017-195-01",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-215-01",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "9D5553FD-7A78-4B9D-AA56-2BEAA93655C1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "id": "VAR-201709-1078",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:34:29.368000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2017-195-01",
        "trust": 0.8,
        "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-195-01"
      },
      {
        "title": "Patch for Schneider Electric Pro-face GP-Pro EX arbitrary code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/100839"
      },
      {
        "title": "Schneider Electric Pro-face GP-Pro EX Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99880"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.schneider-electric.com/en/download/document/sevd-2017-195-01/"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/100114"
      },
      {
        "trust": 0.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-215-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9961"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9961"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "BID",
        "id": "100114"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "date": "2017-09-26T01:29:04.007000",
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "BID",
        "id": "100114"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008556"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      },
      {
        "date": "2024-11-21T03:37:15.510000",
        "db": "NVD",
        "id": "CVE-2017-9961"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "100114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Pro-face GP-Pro EX Arbitrary code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22834"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1087"
      }
    ],
    "trust": 0.6
  }
}

var-201812-0850
Vulnerability from variot

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Pro-face GP-Pro EX 4.08 and prior versions are vulnerable.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0850",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "schneider electric",
        "version": "4.08"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.08"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.07"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.06"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.05"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.04"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.03"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.02"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.01"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.00"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.8.200"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.08",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yu Quiang of Venustech's ADLab",
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-7832",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-7832",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7832",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7832",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-1094",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. \nPro-face GP-Pro EX 4.08 and prior versions are vulnerable.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "BID",
        "id": "106441"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-19-003-01",
        "trust": 2.7
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106441",
        "trust": 1.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-354-02",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "id": "VAR-201812-0850",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5
  },
  "last_update_date": "2022-05-04T09:28:51.808000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-354-02",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-02/"
      },
      {
        "title": "Schneider Electric Pro-Face GP-Pro EX Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88167"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-003-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/106441"
      },
      {
        "trust": 1.6,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-02/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7832"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7832"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.3,
        "url": "https://www.proface.com/en/product/soft/gpproex/top"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-03T00:00:00",
        "db": "BID",
        "id": "106441"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "date": "2018-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "date": "2018-12-24T16:29:00",
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-03T00:00:00",
        "db": "BID",
        "id": "106441"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "date": "2019-05-28T18:29:00",
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pro-Face GP-Pro EX Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ],
    "trust": 0.9
  }
}

var-202006-1523
Vulnerability from variot

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masked. GP-Pro EX contains a weak password requirements vulnerability. Information may be obtained. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from the French company Schneider Electric.

There is a security vulnerability in Schneider Electric GP-Pro EX versions 1.00 to 4.09.120. An attacker can use this vulnerability to obtain the password.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1523",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gp-pro ex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.09.120"
      },
      {
        "model": "gp-pro ex",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "1.00"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "1.00 \u304b\u3089 4.09.100"
      },
      {
        "model": "electric pro-face gp-pro ex",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.00,\u003c=4.09.120"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:pro-face_gp-pro_ex",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      }
    ]
  },
  "cve": "CVE-2020-7492",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-7492",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006892",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-25686",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-185617",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-7492",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006892",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-7492",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006892",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-25686",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1076",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185617",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. GP-Pro EX There is a vulnerability in requesting a weak password.Information may be obtained. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software of French Schneider Electric (Schneider Electric) company. \n\r\n\r\nThere are security vulnerabilities in Schneider Electric GP-Pro EX version 1.00 to version 4.09.120. An attacker can use this vulnerability to obtain the password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7492",
        "trust": 3.1
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-133-01",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "id": "VAR-202006-1523",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:07:56.002000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-133-01",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
      },
      {
        "title": "Patch for GP Pro EX Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/256381"
      },
      {
        "title": "Schneider Electric GP-Pro EX Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122519"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-521",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7492"
      },
      {
        "trust": 1.7,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-133-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7492"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "date": "2020-06-16T20:15:14.177000",
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      },
      {
        "date": "2024-11-21T05:37:15.150000",
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GP-Pro EX Vulnerability in requesting weak passwords in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ],
    "trust": 0.6
  }
}

CVE-2024-12399 (GCVE-0-2024-12399)
Vulnerability from cvelistv5
Published
2025-01-17 09:37
Modified
2025-09-09 20:41
CWE
  • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Summary
A CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when an attacker performs a man-in-the-middle attack by intercepting the communication.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-17T13:19:08.787250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:55:25.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pro-face GP-Pro EX",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v5.00.100",
              "status": "affected",
              "version": "all version",
              "versionType": "version"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro-face Remote HMI",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "v1.70.000",
              "status": "affected",
              "version": "all versions",
              "versionType": "version"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\nman in the middle attack by intercepting the communication.\n\n\u003cbr\u003e"
            }
          ],
          "value": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\nman in the middle attack by intercepting the communication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-924",
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T20:41:23.793Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-12399",
    "datePublished": "2025-01-17T09:37:35.734Z",
    "dateReserved": "2024-12-10T09:21:04.278Z",
    "dateUpdated": "2025-09-09T20:41:23.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}