19 matches found
EUVD-2016-3374
Malware in sbrugna...
EUVD-2016-3375
Malware in sbrugna...
EUVD-2018-19544
Malware in sbrugna...
Schneider Electric Pro-face GP-Pro EX和Remote HMI 安全漏洞
Schneider Electric Pro-face GP-Pro EX and Schneider Electric Pro-face Remote HMI are both products of Schneider Electric, France.Schneider Electric Pro-face GP-Pro EX is an HMI operation management system. Schneider Electric Pro-face GP- EX is a human-machine interface operator management system,...
Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from Schneider Electric (France). A buffer overflow vulnerability exists in Schneider Electric Pro-face GP-Pro EX. The vulnerability stems from improper manipulation of restrictions within memory buffer ranges and can be exploited by an attacker to cause memory corruption.
The NETGEAR R7100LG is a router from the American company NETGEAR. A hardware device that connects two or more networks and acts as a gateway between networks. The NETGEAR R7100LG version 1.0.0.78 suffers from a command injection vulnerability that stems from the password parameter in...
Schneider Electric Pro-face GP-Pro EX
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...
Input validation
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...
CVE-2017-9961
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...
CVE-2017-9961
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...
CVE-2016-2291
Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via unspecified vectors...
CVE-2015-7921
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...
Heap overflow
Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors...
Out-of-bounds
Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via unspecified vectors...
CVE-2015-7921
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...
CVE-2015-7921
The CVE describes hard-coded credentials in the FTP server of Pro-face GP-Pro EX (affected models EX-ED, PFXEXEDV, PFXEXEDLS, PFXEXGRPLS) prior to version 4.05.000, enabling remote authentication bypass. Root cause: hard-coded credentials in the FTP service. Impact: unauthorized access to device ...
CVE-2016-2290
CVE-2016-2290 is a heap-based buffer overflow affecting Pro-face GP-Pro EX and related editors (EX-ED, PFXEXEDV/EDLS/GRPLS) prior to version 4.05.000. The vulnerability allows remote execution of arbitrary code in the affected process due to a heap-buffer overflow, with the NVD reporting a high-s...
Pro-face GP-Pro EX Authentication Bypass Vulnerability
Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. The Pro-face GP-Pro EX has a security vulnerability due to the use of hard-coded certificates by the FTP server. A remote attacker could exploit the vulnerability to access items in the device...
Pro-face GP-Pro EX Heap Buffer Overflow Vulnerability
Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. A heap buffer overflow vulnerability exists in Pro-face GP-Pro EX. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of a process...
Pro-face GP-Pro EX HMI Vulnerabilities
OVERVIEW ZDI Zero Day Initiative has identified one information disclosure and two buffer overflow vulnerabilities, and independent researcher Jeremy Brown has identified hard-coded credentials in Pro-face’s GP-Pro EX HMI software. Pro-face has produced a module to mitigate these vulnerabilities...