Details of VAR-201604-0147

ID

VAR-201604-0147

CVE

CVE-2015-7921

TITLE

plural Pro-face GP-Pro EX Product FTP Vulnerability that prevents authentication on the server

Trust: 0.8

sources: JVNDB: JVNDB-2015-007016

DESCRIPTION

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software

Trust: 2.34

sources: NVD: CVE-2015-7921 // JVNDB: JVNDB-2015-007016 // CNVD: CNVD-2016-02141 // IVD: 5a8077f6-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5a8077f6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02141

AFFECTED PRODUCTS

vendor:	schneider electric	model:	proface gp-pro ex pfxexgrpls	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	schneider electric	model:	proface gp-pro ex ex-ed	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	schneider electric	model:	proface gp-pro ex pfxexedls	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	schneider electric	model:	proface gp-pro ex pfxexedv	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	digital	model:	gp-pro ex ex-ed	scope:	lt	version:	4.05.000	Trust: 0.8
vendor:	digital	model:	gp-pro ex pfxexedls	scope:	lt	version:	4.05.000	Trust: 0.8
vendor:	digital	model:	gp-pro ex pfxexedv	scope:	lt	version:	4.05.000	Trust: 0.8
vendor:	digital	model:	gp-pro ex pfxexgrpls	scope:	lt	version:	4.05.000	Trust: 0.8
vendor:	pro face	model:	gp-pro ex ex-ed	scope:	lt	version:	4.05.000	Trust: 0.6
vendor:	pro face	model:	pfxexedv	scope:	lt	version:	4.05.000	Trust: 0.6
vendor:	pro face	model:	pfxexedls	scope:	lt	version:	4.05.000	Trust: 0.6
vendor:	pro face	model:	pfxexgrpls	scope:	lt	version:	4.05.000	Trust: 0.6
vendor:	pro face	model:	gp-pro ex pfxexgrpls	scope:	eq	version:	4.0.4	Trust: 0.6
vendor:	pro face	model:	gp-pro ex ex-ed	scope:	eq	version:	4.0.4	Trust: 0.6
vendor:	pro face	model:	gp-pro ex pfxexedv	scope:	eq	version:	4.0.4	Trust: 0.6
vendor:	pro face	model:	gp-pro ex pfxexedls	scope:	eq	version:	4.0.4	Trust: 0.6
vendor:	gp pro ex ex ed	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	gp pro ex pfxexedls	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	gp pro ex pfxexedv	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	gp pro ex pfxexgrpls	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 5a8077f6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02141 // JVNDB: JVNDB-2015-007016 // CNNVD: CNNVD-201604-030 // NVD: CVE-2015-7921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7921
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-7921
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2016-02141
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201604-030
value:	CRITICAL
Trust: 0.6
IVD:	5a8077f6-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2015-7921
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02141
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5a8077f6-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2015-7921
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2015-7921
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 5a8077f6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02141 // JVNDB: JVNDB-2015-007016 // CNNVD: CNNVD-201604-030 // NVD: CVE-2015-7921

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-007016 // NVD: CVE-2015-7921

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-030

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201604-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007016

PATCH

title:	GP-Pro EX	url:	http://jpn.proface.co.jp/product/soft/gpproex/index.html	Trust: 0.8
title:	Pro-face GP-Pro EX security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/73908	Trust: 0.6
title:	Pro-face GP-Pro EX Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60765	Trust: 0.6

sources: CNVD: CNVD-2016-02141 // JVNDB: JVNDB-2015-007016 // CNNVD: CNNVD-201604-030

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7921	Trust: 3.2
db:	ICS CERT	id:	ICSA-16-096-01	Trust: 3.0
db:	CNVD	id:	CNVD-2016-02141	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-030	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-007016	Trust: 0.8
db:	IVD	id:	5A8077F6-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5a8077f6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-02141 // JVNDB: JVNDB-2015-007016 // CNNVD: CNNVD-201604-030 // NVD: CVE-2015-7921

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-096-01	Trust: 3.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7921	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7921	Trust: 0.8

sources: CNVD: CNVD-2016-02141 // JVNDB: JVNDB-2015-007016 // CNNVD: CNNVD-201604-030 // NVD: CVE-2015-7921

CREDITS

Jeremy Brown

Trust: 0.6

sources: CNNVD: CNNVD-201604-030

SOURCES

db:	IVD	id:	5a8077f6-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2016-02141
db:	JVNDB	id:	JVNDB-2015-007016
db:	CNNVD	id:	CNNVD-201604-030
db:	NVD	id:	CVE-2015-7921

LAST UPDATE DATE

2025-04-13T23:25:10.265000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02141	date:	2016-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-007016	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-030	date:	2021-09-10T00:00:00
db:	NVD	id:	CVE-2015-7921	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	5a8077f6-2351-11e6-abef-000c29c66e3d	date:	2016-04-12T00:00:00
db:	CNVD	id:	CNVD-2016-02141	date:	2016-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-007016	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-030	date:	2016-04-06T00:00:00
db:	NVD	id:	CVE-2015-7921	date:	2016-04-06T23:59:02.473