var-201709-1078
Vulnerability from variot
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. Pro-face GP-Pro EX 4.07.000 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pro-face gp pro ex",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "4.07.000"
},
{
"model": "gp pro ex",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.07.000"
},
{
"model": "electric pro-face gp-pro ex",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "4.07.000"
},
{
"model": "pro-face gp-pro ex",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.7"
},
{
"model": "pro-face gp-pro ex",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.7.100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pro face gp pro ex",
"version": "4.07.000"
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:pro-face_gp_pro_ex",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "100114"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9961",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-22834",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-9961",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9961",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9961",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-22834",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in Schneider Electric\u0027s Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. \nPro-face GP-Pro EX 4.07.000 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9961",
"trust": 3.5
},
{
"db": "BID",
"id": "100114",
"trust": 1.9
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-195-01",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-215-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556",
"trust": 0.8
},
{
"db": "IVD",
"id": "9D5553FD-7A78-4B9D-AA56-2BEAA93655C1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"id": "VAR-201709-1078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
]
},
"last_update_date": "2024-11-23T22:34:29.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-195-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-195-01"
},
{
"title": "Patch for Schneider Electric Pro-face GP-Pro EX arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100839"
},
{
"title": "Schneider Electric Pro-face GP-Pro EX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99880"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-195-01/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100114"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-215-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9961"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9961"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"date": "2017-08-03T00:00:00",
"db": "BID",
"id": "100114"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"date": "2017-09-26T01:29:04.007000",
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"date": "2017-08-03T00:00:00",
"db": "BID",
"id": "100114"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1087"
},
{
"date": "2024-11-21T03:37:15.510000",
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100114"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pro-face GP-Pro EX Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…