VAR-201709-1078
Vulnerability from variot - Updated: 2023-12-18 12:29A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. Pro-face GP-Pro EX 4.07.000 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pro-face gp pro ex",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "4.07.000"
},
{
"model": "gp pro ex",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "4.07.000"
},
{
"model": "electric pro-face gp-pro ex",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "4.07.000"
},
{
"model": "pro-face gp-pro ex",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.7"
},
{
"model": "pro-face gp-pro ex",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "4.7.100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pro face gp pro ex",
"version": "4.07.000"
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp_pro_ex:4.07.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "100114"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9961",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-22834",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9961",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9961",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-22834",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in Schneider Electric\u0027s Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Schneider Electric GP Pro EX Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition. \nPro-face GP-Pro EX 4.07.000 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9961",
"trust": 3.5
},
{
"db": "BID",
"id": "100114",
"trust": 1.9
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-195-01",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-215-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556",
"trust": 0.8
},
{
"db": "IVD",
"id": "9D5553FD-7A78-4B9D-AA56-2BEAA93655C1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"id": "VAR-201709-1078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
]
},
"last_update_date": "2023-12-18T12:29:24.348000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-195-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-195-01"
},
{
"title": "Patch for Schneider Electric Pro-face GP-Pro EX arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100839"
},
{
"title": "Schneider Electric Pro-face GP-Pro EX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99880"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-195-01/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100114"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-215-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9961"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9961"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"db": "BID",
"id": "100114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"date": "2017-08-03T00:00:00",
"db": "BID",
"id": "100114"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"date": "2017-09-26T01:29:04.007000",
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22834"
},
{
"date": "2017-08-03T00:00:00",
"db": "BID",
"id": "100114"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008556"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9961"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100114"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pro-face GP-Pro EX Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "9d5553fd-7a78-4b9d-aa56-2beaa93655c1"
},
{
"db": "CNVD",
"id": "CNVD-2017-22834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1087"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…