var-201604-0147
Vulnerability from variot
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proface gp-pro ex ex-ed",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex pfxexedv",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex pfxexedls",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex pfxexgrpls",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "gp-pro ex ex-ed",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexedls",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexedv",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexgrpls",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex ex-ed",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexedv",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexedls",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexgrpls",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexgrpls",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex ex-ed",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex pfxexedv",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex pfxexedls",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex ex ed",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexedls",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexedv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexgrpls",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:pro-face:gp-pro_ex_ex-ed",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pro-face:gp-pro_ex_pfxexedls",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pro-face:gp-pro_ex_pfxexedv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pro-face:gp-pro_ex_pfxexgrpls",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Brown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
},
"cve": "CVE-2015-7921",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7921",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02141",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7921",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7921",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-7921",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-02141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7921",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-096-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-02141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016",
"trust": 0.8
},
{
"db": "IVD",
"id": "5A8077F6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"id": "VAR-201604-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
}
]
},
"last_update_date": "2024-11-23T22:49:15.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GP-Pro EX",
"trust": 0.8,
"url": "http://jpn.proface.co.jp/product/soft/gpproex/index.html"
},
{
"title": "Pro-face GP-Pro EX security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/73908"
},
{
"title": "Pro-face GP-Pro EX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-096-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7921"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7921"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"date": "2016-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"date": "2016-04-06T23:59:02.473000",
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-030"
},
{
"date": "2024-11-21T02:37:40.297000",
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Pro-face GP-Pro EX Product FTP Vulnerability that prevents authentication on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…