// For flags

CVE-2015-7921

 

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.

El servidor FTP en Pro-face GP-Pro EX EX-ED en versiones anteriores a 4.05.000, PFXEXEDV en versiones anteriores a 4.05.000, PFXEXEDLS en versiones anteriores a 4.05.000 y PFXEXGRPLS en versiones anteriores a 4.05.000 tiene credenciales embebidas, lo que facilita a atacantes remotos eludir la autenticación aprovechando el conocimiento de esas credenciales.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-10-22 CVE Reserved
  • 2016-04-06 CVE Published
  • 2024-01-28 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-255: Credentials Management Errors
CAPEC
References (1)
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Proface Gp-pro Ex Ex-ed
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Ex-ed"
<= 4.0.4
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Ex-ed" and version " <= 4.0.4"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Proface Gp-pro Ex Pfxexedls
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexedls"
<= 4.0.4
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexedls" and version " <= 4.0.4"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Proface Gp-pro Ex Pfxexedv
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexedv"
<= 4.0.4
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexedv" and version " <= 4.0.4"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Proface Gp-pro Ex Pfxexgrpls
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexgrpls"
<= 4.0.4
Search vendor "Schneider-electric" for product "Proface Gp-pro Ex Pfxexgrpls" and version " <= 4.0.4"
-
Affected