cvelistv5 - CVE-2018-7832

CVE-2018-7832 (GCVE-0-2018-7832)

Vulnerability from cvelistv5 – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37

Summary

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

Severity ?

No CVSS data available.

CWE

Improper Input Validation

Assigner

schneider

References

URL

Tags

	https://www.schneider-electric.com/en/download/do…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106441	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Pro-Face GP-Pro EX v4.08 and previous versions	Affected: Pro-Face GP-Pro EX v4.08 and previous versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
          },
          {
            "name": "106441",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106441"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pro-Face GP-Pro EX v4.08 and previous versions",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Pro-Face GP-Pro EX v4.08 and previous versions"
            }
          ]
        }
      ],
      "datePublic": "2018-12-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-28T17:29:34",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
        },
        {
          "name": "106441",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106441"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7832",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pro-Face GP-Pro EX v4.08 and previous versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Pro-Face GP-Pro EX v4.08 and previous versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
            },
            {
              "name": "106441",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106441"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7832",
    "datePublished": "2018-12-24T16:00:00",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.08\", \"matchCriteriaId\": \"00252E4F-6C2E-4232-BD78-5A92E83795CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de validaci\\u00f3n de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podr\\u00eda provocar la ejecuci\\u00f3n de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX.\"}]",
      "id": "CVE-2018-7832",
      "lastModified": "2024-11-21T04:12:50.603",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-12-24T16:29:00.873",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106441\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01\", \"source\": \"cybersecurity@se.com\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106441\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7832\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2018-12-24T16:29:00.873\",\"lastModified\":\"2024-11-21T04:12:50.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de validaci\u00f3n de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podr\u00eda provocar la ejecuci\u00f3n de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.08\",\"matchCriteriaId\":\"00252E4F-6C2E-4232-BD78-5A92E83795CD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106441\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01\",\"source\":\"cybersecurity@se.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-7832

Vulnerability from fkie_nvd - Published: 2018-12-24 16:29 - Updated: 2024-11-21 04:12

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

References

URL	Tags
cybersecurity@se.com	http://www.securityfocus.com/bid/106441	Third Party Advisory, VDB Entry
cybersecurity@se.com	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01
cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106441	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	pro-face_gp-pro_ex	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00252E4F-6C2E-4232-BD78-5A92E83795CD",
              "versionEndIncluding": "4.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de validaci\u00f3n de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podr\u00eda provocar la ejecuci\u00f3n de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX."
    }
  ],
  "id": "CVE-2018-7832",
  "lastModified": "2024-11-21T04:12:50.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-24T16:29:00.873",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106441"
    },
    {
      "source": "cybersecurity@se.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-19-003-01

Vulnerability from csaf_cisa - Published: 2019-01-03 00:00 - Updated: 2019-01-03 00:00

Summary

Schneider Electric Pro-face GP-Pro EX

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program.

Critical infrastructure sectors

Energy

Countries/areas deployed

Worldwide

Company headquarters location

France

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Yu Quiang"
        ],
        "organization": "Venustech \u0027s ADLab",
        "summary": "reporting this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "France",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-003-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-003-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-003-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-003-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-003-01"
      }
    ],
    "title": "Schneider Electric Pro-face GP-Pro EX",
    "tracking": {
      "current_release_date": "2019-01-03T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-003-01",
      "initial_release_date": "2019-01-03T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-01-03T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-003-01 Schneider Electric Pro-face GP-Pro EX"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 4.08",
                "product": {
                  "name": "Pro-face GP-Pro EX: Version 4.08 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Pro-face GP-Pro EX"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-7832",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The program \u0027s code contains an error in which an arbitrary executable can be launched.CVE-2018-7832 has been assigned to this vulnerability. A CVSS v3 base score of 9.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7832"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric has produced Version 4.08.200 of the software. It can be downloaded from:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.proface.com/en/topic/2018/1126_3"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Schneider Electric\u0027s security bulletin at:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

CERTFR-2018-AVI-610

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EVLink Parking versions 3.2.0-12_v1 et antérieures
Schneider Electric	N/A	IIoT Monitor 3.1.38
Schneider Electric	N/A	Pro-Face GP-Pro EX versions 4.08 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2018-354-03 du 20 décembre 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-354-02 du 20 décembre 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-354-01 du 20 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EVLink Parking versions 3.2.0-12_v1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "IIoT Monitor 3.1.38",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-Face GP-Pro EX versions 4.08 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7800"
    },
    {
      "name": "CVE-2018-7801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7801"
    },
    {
      "name": "CVE-2018-7802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7802"
    },
    {
      "name": "CVE-2018-7835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7835"
    },
    {
      "name": "CVE-2018-7832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7832"
    },
    {
      "name": "CVE-2018-7836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7836"
    },
    {
      "name": "CVE-2018-7837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7837"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-610",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-03 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-02 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-01 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/"
    }
  ]
}

CERTFR-2018-AVI-610

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EVLink Parking versions 3.2.0-12_v1 et antérieures
Schneider Electric	N/A	IIoT Monitor 3.1.38
Schneider Electric	N/A	Pro-Face GP-Pro EX versions 4.08 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2018-354-03 du 20 décembre 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-354-02 du 20 décembre 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-354-01 du 20 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EVLink Parking versions 3.2.0-12_v1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "IIoT Monitor 3.1.38",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-Face GP-Pro EX versions 4.08 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7800"
    },
    {
      "name": "CVE-2018-7801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7801"
    },
    {
      "name": "CVE-2018-7802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7802"
    },
    {
      "name": "CVE-2018-7835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7835"
    },
    {
      "name": "CVE-2018-7832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7832"
    },
    {
      "name": "CVE-2018-7836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7836"
    },
    {
      "name": "CVE-2018-7837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7837"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-610",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-03 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-02 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-354-01 du 20 d\u00e9cembre 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/"
    }
  ]
}

GHSA-FHMF-2C4W-WCCG

Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2022-05-14 01:00

Details

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-24T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.",
  "id": "GHSA-fhmf-2c4w-wccg",
  "modified": "2022-05-14T01:00:17Z",
  "published": "2022-05-14T01:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7832"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106441"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-7832

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

Aliases

CVE-2018-7832

Aliases

CVE-2018-7832

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7832",
    "description": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.",
    "id": "GSD-2018-7832"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7832"
      ],
      "details": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.",
      "id": "GSD-2018-7832",
      "modified": "2023-12-13T01:22:33.289708Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2018-7832",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Pro-Face GP-Pro EX v4.08 and previous versions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Pro-Face GP-Pro EX v4.08 and previous versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
          },
          {
            "name": "106441",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106441"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.08",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7832"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02/"
            },
            {
              "name": "106441",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106441"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-28T18:29Z",
      "publishedDate": "2018-12-24T16:29Z"
    }
  }
}

VAR-201812-0850

Vulnerability from variot - Updated: 2022-05-04 09:28

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Pro-face GP-Pro EX 4.08 and prior versions are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0850",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "schneider electric",
        "version": "4.08"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.08"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.07"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.06"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.05"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.04"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.03"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.02"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.01"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.00"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "4.8.200"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.08",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yu Quiang of Venustech??s ADLab",
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-7832",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-7832",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7832",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7832",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-1094",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. \nPro-face GP-Pro EX 4.08 and prior versions are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "BID",
        "id": "106441"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-19-003-01",
        "trust": 2.7
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106441",
        "trust": 1.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-354-02",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "id": "VAR-201812-0850",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5
  },
  "last_update_date": "2022-05-04T09:28:51.808000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-354-02",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-02/"
      },
      {
        "title": "Schneider Electric Pro-Face GP-Pro EX Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88167"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-003-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/106441"
      },
      {
        "trust": 1.6,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-02/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7832"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7832"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.3,
        "url": "https://www.proface.com/en/product/soft/gpproex/top"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-03T00:00:00",
        "db": "BID",
        "id": "106441"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "date": "2018-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "date": "2018-12-24T16:29:00",
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-03T00:00:00",
        "db": "BID",
        "id": "106441"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      },
      {
        "date": "2019-05-28T18:29:00",
        "db": "NVD",
        "id": "CVE-2018-7832"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pro-Face GP-Pro EX Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013855"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "106441"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-1094"
      }
    ],
    "trust": 0.9
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7832 (GCVE-0-2018-7832)

FKIE_CVE-2018-7832

ICSA-19-003-01

CERTFR-2018-AVI-610

Solution

CERTFR-2018-AVI-610

Solution

GHSA-FHMF-2C4W-WCCG

GSD-2018-7832

VAR-201812-0850

Tags

Sightings

Nomenclature