ID
VAR-201604-0191
CVE
CVE-2016-7921
TITLE
Pro-face GP-Pro EX Certification Bypass Vulnerability
Trust: 0.6
DESCRIPTION
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7921. Reason: This candidate is a duplicate of CVE-2015-7921. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7921 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from Pro-face, USA. Pro-face GP-Pro EX has a security hole because the FTP server uses hard-coded certificates. A remote attacker could exploit the vulnerability to access items in the device. Proface GP-Pro EX is prone to an authentication-bypass vulnerability. GP-Pro EX 1.00 through 4.0.4 are vulnerable. Note: This issue was previously titled 'Proface GP-Pro EX CVE-2015-7921 Hard Coded Credentials Authentication Bypass Vulnerability'. The title has been changed due to corrected CVE external identifier
Trust: 1.89
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | pro face | model: | gp-pro ex | scope: | - | version: | - | Trust: 0.6 |
| vendor: | pro face | model: | gp-pro ex | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
remote
Trust: 0.6
TYPE
permissions and access control
Trust: 0.6
PATCH
| title: | Pro-face GP-Pro EX certification patch to bypass the vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/73691 | Trust: 0.6 |
| title: | Digital Electronics Proface GP-Pro EX Fixes for authentication bypassing vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62920 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-7921 | Trust: 2.7 |
| db: | BID | id: | 85858 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2016-02015 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201607-346 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-16-096-01 | Trust: 0.6 |
| db: | IVD | id: | 5A6C91B4-2351-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | http://ics-cert.us-cert.gov/advisories/icsa-16-096-01 | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/85858 | Trust: 0.6 |
CREDITS
Jeremy Brown
Trust: 0.9
SOURCES
| db: | IVD | id: | 5a6c91b4-2351-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2016-02015 |
| db: | BID | id: | 85858 |
| db: | CNNVD | id: | CNNVD-201607-346 |
| db: | NVD | id: | CVE-2016-7921 |
LAST UPDATE DATE
2024-08-14T13:57:19.518000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-02015 | date: | 2016-04-07T00:00:00 |
| db: | BID | id: | 85858 | date: | 2016-07-05T22:03:00 |
| db: | CNNVD | id: | CNNVD-201607-346 | date: | 2016-07-14T00:00:00 |
| db: | NVD | id: | CVE-2016-7921 | date: | 2023-11-07T02:35:16.317 |
SOURCES RELEASE DATE
| db: | IVD | id: | 5a6c91b4-2351-11e6-abef-000c29c66e3d | date: | 2016-04-07T00:00:00 |
| db: | CNVD | id: | CNVD-2016-02015 | date: | 2016-04-07T00:00:00 |
| db: | BID | id: | 85858 | date: | 2016-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-201607-346 | date: | 2016-04-01T00:00:00 |
| db: | NVD | id: | CVE-2016-7921 | date: | 2016-04-07T10:59:03.370 |