Details of VAR-201601-0672

ID

VAR-201601-0672

TITLE

Proface GP-Pro EX Stack buffer overflow remote code execution vulnerability

Trust: 0.8

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00202

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within BeginPreRead processing. When handling malformed 0x7f77 type fields, it is possible for an attacker to force a stack-based buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Proface GP-Pro EX is a human interface HMI software used on multiple platforms

Trust: 1.35

sources: ZDI: ZDI-16-003 // CNVD: CNVD-2016-00202 // IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00202

AFFECTED PRODUCTS

vendor:	proface	model:	gp-pro ex	scope:	-	version:	-	Trust: 1.3
vendor:	proface	model:	gp-pro ex	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-003 // CNVD: CNVD-2016-00202

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-16-003
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2016-00202
value:	MEDIUM
Trust: 0.6
IVD:	29404c6e-1e4e-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

ZDI:	ZDI-16-003
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-00202
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	29404c6e-1e4e-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-003 // CNVD: CNVD-2016-00202

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d

PATCH

title:

This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.06/25/2015 - ZDI disclosed 4 cases to ICS-CERT06/25/2015 - ICS-CERT acknowledged and provided the ZDI an ICS-VU#10/03/2015 - ZDI asked for an update from ICS-CERT and reminded of the 10/23/2015 due date, asking if a short extension was neededThere was no reply but ZDI granted an extension for the cases.12/09/2015 - ZDI wrote to ICS-CERT to ask the status and notify of the intent to 0-day the reports at EOY-- Mitigation:Given the stated purpose of Proface GP-Pro, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.-- Vendor Response Link:

url:

http://www.schneider-electric.com/ww/en/download/document/sevd-2016-074-01

Trust: 0.7

sources: ZDI: ZDI-16-003

EXTERNAL IDS

db:	ZDI	id:	ZDI-16-003	Trust: 1.3
db:	CNVD	id:	CNVD-2016-00202	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2945	Trust: 0.7
db:	IVD	id:	29404C6E-1E4E-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 29404c6e-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-003 // CNVD: CNVD-2016-00202

REFERENCES

url:	http://www.schneider-electric.com/ww/en/download/document/sevd-2016-074-01	Trust: 0.7
url:	http://www.zerodayinitiative.com/advisories/zdi-16-003/	Trust: 0.6

sources: ZDI: ZDI-16-003 // CNVD: CNVD-2016-00202

CREDITS

Steven Seeley of Source Incite

Trust: 0.7

sources: ZDI: ZDI-16-003

SOURCES

db:	IVD	id:	29404c6e-1e4e-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-003
db:	CNVD	id:	CNVD-2016-00202

LAST UPDATE DATE

2022-05-17T01:46:30.535000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-003	date:	2016-01-08T00:00:00
db:	CNVD	id:	CNVD-2016-00202	date:	2016-01-13T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	29404c6e-1e4e-11e6-abef-000c29c66e3d	date:	2016-01-13T00:00:00
db:	ZDI	id:	ZDI-16-003	date:	2016-01-08T00:00:00
db:	CNVD	id:	CNVD-2016-00202	date:	2016-01-13T00:00:00