Details of VAR-201708-1589

ID

VAR-201708-1589

TITLE

Schneider Electric Pro-Face WinGP Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee // CNVD: CNVD-2017-21360

DESCRIPTION

Pro-Face GP Pro-Server EX is the preferred HMI development software for both dedicated and open HMI (PC-based) solutions. Schneider Electric Pro-Face WinGP has an arbitrary code execution vulnerability that an attacker can use to force the process to load arbitrary DLLs and execute arbitrary code in the context of the process

Trust: 0.72

sources: CNVD: CNVD-2017-21360 // IVD: ee2798a1-6159-4e67-9829-1d90589b62ee

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee // CNVD: CNVD-2017-21360

AFFECTED PRODUCTS

vendor:	schneider	model:	electric pro-face wingp	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric pro-face wingp	scope:	eq	version:	*	Trust: 0.2

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee // CNVD: CNVD-2017-21360

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-21360
value:	HIGH
Trust: 0.6
IVD:	ee2798a1-6159-4e67-9829-1d90589b62ee
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2017-21360
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ee2798a1-6159-4e67-9829-1d90589b62ee
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee // CNVD: CNVD-2017-21360

TYPE

Code injection

Trust: 0.2

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee

EXTERNAL IDS

db:	CNVD	id:	CNVD-2017-21360	Trust: 0.8
db:	IVD	id:	EE2798A1-6159-4E67-9829-1D90589B62EE	Trust: 0.2

sources: IVD: ee2798a1-6159-4e67-9829-1d90589b62ee // CNVD: CNVD-2017-21360

REFERENCES

url:

http://seclists.org/fulldisclosure/2017/jun/48

Trust: 0.6

sources: CNVD: CNVD-2017-21360

SOURCES

db:	IVD	id:	ee2798a1-6159-4e67-9829-1d90589b62ee
db:	CNVD	id:	CNVD-2017-21360

LAST UPDATE DATE

2022-05-17T02:01:04.742000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-21360

date:

2017-08-16T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	ee2798a1-6159-4e67-9829-1d90589b62ee	date:	2017-08-16T00:00:00
db:	CNVD	id:	CNVD-2017-21360	date:	2017-08-16T00:00:00