Details of VAR-201601-0673

ID

VAR-201601-0673

TITLE

(0Day) Proface GP-Pro EX Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-16-004

DESCRIPTION

This vulnerability allows remote attackers to disclose information on vulnerable installations of Proface GP-Pro EX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within BeginPreRead processing. When handling malformed 0x7f77 type fields, it is possible for an attacker to force an out-of-bounds read. An attacker can leverage this vulnerability to disclose arbitrary memory. Proface GP-Pro EX is a human interface HMI software used on multiple platforms

Trust: 1.35

sources: ZDI: ZDI-16-004 // CNVD: CNVD-2016-00201 // IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00201

AFFECTED PRODUCTS

vendor:	proface	model:	gp-pro ex	scope:	-	version:	-	Trust: 1.3
vendor:	proface	model:	gp-pro ex	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-004 // CNVD: CNVD-2016-00201

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-16-004
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2016-00201
value:	MEDIUM
Trust: 0.6
IVD:	2b9b922a-1e4e-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

ZDI:	ZDI-16-004
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-00201
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2b9b922a-1e4e-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-004 // CNVD: CNVD-2016-00201

TYPE

Information leakage

Trust: 0.2

sources: IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d

PATCH

title:

This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.06/25/2015 - ZDI disclosed 4 cases to ICS-CERT06/25/2015 - ICS-CERT acknowledged and provided the ZDI an ICS-VU#10/03/2015 - ZDI asked for an update from ICS-CERT and reminded of the 10/23/2015 due date, asking if a short extension was neededThere was no reply but ZDI granted an extension for the cases.12/09/2015 - ZDI wrote to ICS-CERT to ask the status and notify of the intent to 0-day the reports at EOY-- Mitigation:Given the stated purpose of Proface GP-Pro, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.-- Vendor Response Link:

url:

http://www.schneider-electric.com/ww/en/download/document/sevd-2016-074-01

Trust: 0.7

sources: ZDI: ZDI-16-004

EXTERNAL IDS

db:	ZDI	id:	ZDI-16-004	Trust: 1.3
db:	CNVD	id:	CNVD-2016-00201	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2946	Trust: 0.7
db:	IVD	id:	2B9B922A-1E4E-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 2b9b922a-1e4e-11e6-abef-000c29c66e3d // ZDI: ZDI-16-004 // CNVD: CNVD-2016-00201

REFERENCES

url:	http://www.schneider-electric.com/ww/en/download/document/sevd-2016-074-01	Trust: 0.7
url:	http://www.zerodayinitiative.com/advisories/zdi-16-004/	Trust: 0.6

sources: ZDI: ZDI-16-004 // CNVD: CNVD-2016-00201

CREDITS

Steven Seeley of Source Incite

Trust: 0.7

sources: ZDI: ZDI-16-004

SOURCES

db:	IVD	id:	2b9b922a-1e4e-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-004
db:	CNVD	id:	CNVD-2016-00201

LAST UPDATE DATE

2022-05-17T02:08:06.086000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-004	date:	2016-01-08T00:00:00
db:	CNVD	id:	CNVD-2016-00201	date:	2016-01-13T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	2b9b922a-1e4e-11e6-abef-000c29c66e3d	date:	2016-01-13T00:00:00
db:	ZDI	id:	ZDI-16-004	date:	2016-01-08T00:00:00
db:	CNVD	id:	CNVD-2016-00201	date:	2016-01-13T00:00:00