31 matches found
Heap overflow
Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-7921
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...
Hardcoded credentials
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...
CVE-2016-2290
CVE-2016-2290 is a heap-based buffer overflow affecting Pro-face GP-Pro EX and related editors (EX-ED, PFXEXEDV/EDLS/GRPLS) prior to version 4.05.000. The vulnerability allows remote execution of arbitrary code in the affected process due to a heap-buffer overflow, with the NVD reporting a high-s...
CVE-2016-2292
Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-7921
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...
CVE-2015-7921
The CVE describes hard-coded credentials in the FTP server of Pro-face GP-Pro EX (affected models EX-ED, PFXEXEDV, PFXEXEDLS, PFXEXGRPLS) prior to version 4.05.000, enabling remote authentication bypass. Root cause: hard-coded credentials in the FTP service. Impact: unauthorized access to device ...
CVE-2016-2290
Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors...
Pro-face GP-Pro EX Authentication Bypass Vulnerability
Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. The Pro-face GP-Pro EX has a security vulnerability due to the use of hard-coded certificates by the FTP server. A remote attacker could exploit the vulnerability to access items in the device...
Pro-face GP-Pro EX Heap Buffer Overflow Vulnerability
Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. A heap buffer overflow vulnerability exists in Pro-face GP-Pro EX. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of a process...
Pro-face GP-Pro EX HMI Vulnerabilities
OVERVIEW ZDI Zero Day Initiative has identified one information disclosure and two buffer overflow vulnerabilities, and independent researcher Jeremy Brown has identified hard-coded credentials in Pro-face’s GP-Pro EX HMI software. Pro-face has produced a module to mitigate these vulnerabilities...