VAR-201604-0147
Vulnerability from variot - Updated: 2023-12-18 12:20
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proface gp-pro ex pfxexgrpls",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex ex-ed",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex pfxexedv",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "proface gp-pro ex pfxexedls",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.0.4"
},
{
"model": "gp-pro ex ex-ed",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexedls",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexedv",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexgrpls",
"scope": "lt",
"trust": 0.8,
"vendor": "digital",
"version": "4.05.000"
},
{
"model": "gp-pro ex ex-ed",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexedv",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexedls",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "pfxexgrpls",
"scope": "lt",
"trust": 0.6,
"vendor": "pro face",
"version": "4.05.000"
},
{
"model": "gp-pro ex pfxexgrpls",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex ex-ed",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex pfxexedv",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": "gp-pro ex pfxexedls",
"scope": "eq",
"trust": 0.6,
"vendor": "pro face",
"version": "4.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex ex ed",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexedls",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexedv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gp pro ex pfxexgrpls",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proface_gp-pro_ex_ex-ed:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proface_gp-pro_ex_pfxexedls:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proface_gp-pro_ex_pfxexedv:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:proface_gp-pro_ex_pfxexgrpls:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Brown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
},
"cve": "CVE-2015-7921",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7921",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02141",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7921",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-02141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7921",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-096-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-02141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016",
"trust": 0.8
},
{
"db": "IVD",
"id": "5A8077F6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"id": "VAR-201604-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
}
]
},
"last_update_date": "2023-12-18T12:20:35.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GP-Pro EX",
"trust": 0.8,
"url": "http://jpn.proface.co.jp/product/soft/gpproex/index.html"
},
{
"title": "Pro-face GP-Pro EX security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/73908"
},
{
"title": "Pro-face GP-Pro EX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-096-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7921"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7921"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "IVD",
"id": "5a8077f6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"date": "2016-04-06T23:59:02.473000",
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"date": "2016-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02141"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007016"
},
{
"date": "2022-01-31T19:43:33.740000",
"db": "NVD",
"id": "CVE-2015-7921"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication bypass vulnerability in the FTP server of multiple Pro-face GP-Pro EX products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-030"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.