9 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. Una CWE-427: Se presenta una vulnerabilidad de Elemento de Ruta de Búsqueda no Controlada en GP-Pro EX, versiones V4.09.250 y anteriores, que podría causar una ejecución de código local con privilegios elevados cuando se instala el software • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-03 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. CWE-521: Se presenta una vulnerabilidad de Requisitos de Contraseña Débiles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podría causar el descubrimiento de la contraseña cuando el usuario ingresa la contraseña porque no está enmascarada • https://www.se.com/ww/en/download/document/SEVD-2020-133-01 • CWE-521: Weak Password Requirements •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Existe una vulnerabilidad de validación de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podría provocar la ejecución de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX. • http://www.securityfocus.com/bid/106441 https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Existe una vulnerabilidad en la versión 4.07.000 de Pro-Face GP Pro EX de Schneider Electric que permite que un atacante ejecute código arbitrario. Se necesita acceder a un ordenador para instalar el código malicioso. • http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01 http://www.securityfocus.com/bid/100114 •