Search criteria
6 vulnerabilities found for pro-face_gp-pro_ex by schneider-electric
FKIE_CVE-2023-3953
Vulnerability from fkie_nvd - Published: 2023-08-09 15:15 - Updated: 2024-11-21 08:18
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory
Buffer vulnerability exists that could cause memory corruption when an authenticated user
opens a tampered log file from GP-Pro EX.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | pro-face_gp-pro_ex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED20D73-6B2A-42AE-AFC8-C28284E88E5E",
"versionEndExcluding": "4.09.500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-119: Restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria que podr\u00eda provocar da\u00f1os en la memoria cuando un usuario autenticado abre un archivo de registro manipulado desde GP-Pro EX."
}
],
"id": "CVE-2023-3953",
"lastModified": "2024-11-21T08:18:23.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-09T15:15:09.623",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7832
Vulnerability from fkie_nvd - Published: 2018-12-24 16:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | pro-face_gp-pro_ex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00252E4F-6C2E-4232-BD78-5A92E83795CD",
"versionEndIncluding": "4.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podr\u00eda provocar la ejecuci\u00f3n de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX."
}
],
"id": "CVE-2018-7832",
"lastModified": "2024-11-21T04:12:50.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-24T16:29:00.873",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"source": "cybersecurity@se.com",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-3953 (GCVE-0-2023-3953)
Vulnerability from cvelistv5 – Published: 2023-08-09 14:02 – Updated: 2024-10-09 18:10
VLAI?
Summary
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory
Buffer vulnerability exists that could cause memory corruption when an authenticated user
opens a tampered log file from GP-Pro EX.
Severity ?
5.3 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | GP-Pro EX WinGP for iPC |
Affected:
v4.09.450 and prior
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:55:24.434489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:10:11.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GP-Pro EX WinGP for iPC",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v4.09.450 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GP-Pro EX WinGP for PC/AT",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v4.09.450 and prior"
}
]
}
],
"datePublic": "2023-08-08T13:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
}
],
"value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T14:02:44.472Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-3953",
"datePublished": "2023-08-09T14:02:44.472Z",
"dateReserved": "2023-07-26T08:14:55.340Z",
"dateUpdated": "2024-10-09T18:10:11.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7832 (GCVE-0-2018-7832)
Vulnerability from cvelistv5 – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Pro-Face GP-Pro EX v4.08 and previous versions |
Affected:
Pro-Face GP-Pro EX v4.08 and previous versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pro-Face GP-Pro EX v4.08 and previous versions",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Pro-Face GP-Pro EX v4.08 and previous versions"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T17:29:34",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pro-Face GP-Pro EX v4.08 and previous versions",
"version": {
"version_data": [
{
"version_value": "Pro-Face GP-Pro EX v4.08 and previous versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106441"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7832",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3953 (GCVE-0-2023-3953)
Vulnerability from nvd – Published: 2023-08-09 14:02 – Updated: 2024-10-09 18:10
VLAI?
Summary
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory
Buffer vulnerability exists that could cause memory corruption when an authenticated user
opens a tampered log file from GP-Pro EX.
Severity ?
5.3 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | GP-Pro EX WinGP for iPC |
Affected:
v4.09.450 and prior
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:55:24.434489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:10:11.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GP-Pro EX WinGP for iPC",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v4.09.450 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GP-Pro EX WinGP for PC/AT",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "v4.09.450 and prior"
}
]
}
],
"datePublic": "2023-08-08T13:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
}
],
"value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T14:02:44.472Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-3953",
"datePublished": "2023-08-09T14:02:44.472Z",
"dateReserved": "2023-07-26T08:14:55.340Z",
"dateUpdated": "2024-10-09T18:10:11.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7832 (GCVE-0-2018-7832)
Vulnerability from nvd – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Pro-Face GP-Pro EX v4.08 and previous versions |
Affected:
Pro-Face GP-Pro EX v4.08 and previous versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pro-Face GP-Pro EX v4.08 and previous versions",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Pro-Face GP-Pro EX v4.08 and previous versions"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T17:29:34",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106441"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pro-Face GP-Pro EX v4.08 and previous versions",
"version": {
"version_data": [
{
"version_value": "Pro-Face GP-Pro EX v4.08 and previous versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
},
{
"name": "106441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106441"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7832",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}