EUVD-2012-3740

Malware in sbrugna...

Schneider Electric Pro-Face WinGP Arbitrary Code Execution Vulnerability

Pro-Face GP Pro-Server EX is the HMI development software of choice for supporting dedicated and open HMI PC-based solutions. An arbitrary code execution vulnerability exists in Schneider Electric Pro-Face WinGP, which can be exploited by an attacker to force the process to load an arbitrary DLL...

CVE-2012-3793

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer...

Memory corruption

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified...

CVE-2012-3793

CVE-2012-3793 affects Pro-face WinGP PC Runtime (3.1.00 and earlier) and Pro-face Pro-Server EX (1.30.000 and earlier). The vulnerability stems from an integer overflow that can cause a buffer overflow when processing a crafted packet with a specific opcode, leading to a denial-of-service (daemon...

CVE-2012-3792

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service out-of-bounds read operation via a crafted packet that triggers a certain Find Node check attempt...