Sign-up

ID

VAR-201604-0064


CVE

CVE-2016-2291


TITLE

Pro-face GP-Pro EX Denial of service vulnerability

Trust: 1.4

sources: IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02078 // CNNVD: CNNVD-201604-050

DESCRIPTION

Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from Pro-face, USA. There is a security hole in Pro-face GP-Pro EX. Digital Electronics Proface GP-Pro EX is a programmable human-machine interface product from Digital Electronics of Japan. A security vulnerability exists in Digital Electronics Proface GP-Pro EX. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application or leak sensitive information. Other attacks are also possible. GP-Pro EX 1.00 through 4.0.4 are vulnerable

Trust: 3.15

sources: NVD: CVE-2016-2291 // JVNDB: JVNDB-2016-001946 // CNVD: CNVD-2016-02078 // CNNVD: CNNVD-201601-279 // BID: 80168 // IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02078

AFFECTED PRODUCTS

vendor:schneider electricmodel:proface gp-pro ex pfxexgrplsscope:lteversion:4.0.4

Trust: 1.0

vendor:schneider electricmodel:proface gp-pro ex ex-edscope:lteversion:4.0.4

Trust: 1.0

vendor:schneider electricmodel:proface gp-pro ex pfxexedlsscope:lteversion:4.0.4

Trust: 1.0

vendor:schneider electricmodel:proface gp-pro ex pfxexedvscope:lteversion:4.0.4

Trust: 1.0

vendor:digitalmodel:gp-pro ex ex-edscope:ltversion:4.05.000

Trust: 0.8

vendor:digitalmodel:gp-pro ex pfxexedlsscope:ltversion:4.05.000

Trust: 0.8

vendor:digitalmodel:gp-pro ex pfxexedvscope:ltversion:4.05.000

Trust: 0.8

vendor:digitalmodel:gp-pro ex pfxexgrplsscope:ltversion:4.05.000

Trust: 0.8

vendor:pro facemodel:gp-pro ex ex-edscope:ltversion:4.05.000

Trust: 0.6

vendor:pro facemodel:pfxexedvscope:ltversion:4.05.000

Trust: 0.6

vendor:pro facemodel:pfxexedlsscope:ltversion:4.05.000

Trust: 0.6

vendor:pro facemodel:pfxexgrplsscope:ltversion:4.05.000

Trust: 0.6

vendor:pro facemodel:gp-pro ex pfxexgrplsscope:eqversion:4.0.4

Trust: 0.6

vendor:pro facemodel:gp-pro ex ex-edscope:eqversion:4.0.4

Trust: 0.6

vendor:pro facemodel:gp-pro ex pfxexedvscope:eqversion:4.0.4

Trust: 0.6

vendor:pro facemodel:gp-pro ex pfxexedlsscope:eqversion:4.0.4

Trust: 0.6

vendor:gp pro ex ex edmodel: - scope:eqversion:*

Trust: 0.2

vendor:gp pro ex pfxexedlsmodel: - scope:eqversion:*

Trust: 0.2

vendor:gp pro ex pfxexedvmodel: - scope:eqversion:*

Trust: 0.2

vendor:gp pro ex pfxexgrplsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02078 // JVNDB: JVNDB-2016-001946 // CNNVD: CNNVD-201604-050 // NVD: CVE-2016-2291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2291
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2291
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-02078
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201604-050
value: MEDIUM

Trust: 0.6

IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-2291
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-02078
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-2291
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-2291
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02078 // JVNDB: JVNDB-2016-001946 // CNNVD: CNNVD-201604-050 // NVD: CVE-2016-2291

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2016-001946 // NVD: CVE-2016-2291

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201601-279 // CNNVD: CNNVD-201604-050

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201601-279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001946

PATCH
title:GP-Pro EXurl:http://jpn.proface.co.jp/product/soft/gpproex/index.html
Trust: 0.8
title:Patch for Pro-face GP-Pro EX Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/73739
Trust: 0.6
title:Pro-face GP-Pro EX Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60785
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-02078 // 
            
            
            
            JVNDB: JVNDB-2016-001946 // 
            
            
            
            CNNVD: CNNVD-201604-050

EXTERNAL IDS
db:NVDid:CVE-2016-2291
Trust: 3.5
db:ICS CERTid:ICSA-16-096-01
Trust: 3.0
db:BIDid:80168
Trust: 0.9
db:CNVDid:CNVD-2016-02078
Trust: 0.8
db:CNNVDid:CNNVD-201604-050
Trust: 0.8
db:JVNDBid:JVNDB-2016-001946
Trust: 0.8
db:CNNVDid:CNNVD-201601-279
Trust: 0.6
db:IVDid:5A7159EC-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 5a7159ec-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-02078 // 
            
            
            
            BID: 80168 // 
            
            
            
            JVNDB: JVNDB-2016-001946 // 
            
            
            
            CNNVD: CNNVD-201601-279 // 
            
            
            
            CNNVD: CNNVD-201604-050 // 
            
            
            
            NVD: CVE-2016-2291

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-096-01
Trust: 3.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2291
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2291
Trust: 0.8
url:http://www.securityfocus.com/bid/80168
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-02078 // 
            
            
            
            JVNDB: JVNDB-2016-001946 // 
            
            
            
            CNNVD: CNNVD-201601-279 // 
            
            
            
            CNNVD: CNNVD-201604-050 // 
            
            
            
            NVD: CVE-2016-2291

CREDITS
Steven Seeley of Source Incite and Brian Gorenc of HP Zero Day Initiative.
Trust: 0.9
sources:
            
            
            BID: 80168 // 
            
            
            
            CNNVD: CNNVD-201601-279

SOURCES
db:IVDid:5a7159ec-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-02078
db:BIDid:80168
db:JVNDBid:JVNDB-2016-001946
db:CNNVDid:CNNVD-201601-279
db:CNNVDid:CNNVD-201604-050
db:NVDid:CVE-2016-2291

LAST UPDATE DATE
2025-04-13T23:25:10.227000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-02078date:2016-04-08T00:00:00
db:BIDid:80168date:2016-07-06T14:21:00
db:JVNDBid:JVNDB-2016-001946date:2016-04-08T00:00:00
db:CNNVDid:CNNVD-201601-279date:2016-01-15T00:00:00
db:CNNVDid:CNNVD-201604-050date:2021-09-10T00:00:00
db:NVDid:CVE-2016-2291date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:5a7159ec-2351-11e6-abef-000c29c66e3ddate:2016-04-08T00:00:00
db:CNVDid:CNVD-2016-02078date:2016-04-08T00:00:00
db:BIDid:80168date:2016-01-08T00:00:00
db:JVNDBid:JVNDB-2016-001946date:2016-04-08T00:00:00
db:CNNVDid:CNNVD-201601-279date:2016-01-15T00:00:00
db:CNNVDid:CNNVD-201604-050date:2016-04-07T00:00:00
db:NVDid:CVE-2016-2291date:2016-04-06T23:59:17.663