CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3953
https://notcve.org/view.php?id=CVE-2023-3953
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7832
https://notcve.org/view.php?id=CVE-2018-7832
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Existe una vulnerabilidad de validación de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podría provocar la ejecución de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX. • http://www.securityfocus.com/bid/106441 https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9961
https://notcve.org/view.php?id=CVE-2017-9961
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. Existe una vulnerabilidad en la versión 4.07.000 de Pro-Face GP Pro EX de Schneider Electric que permite que un atacante ejecute código arbitrario. Se necesita acceder a un ordenador para instalar el código malicioso. • http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01 http://www.securityfocus.com/bid/100114 •