Vulnerabilities > CVE-2017-9961 - Unspecified vulnerability in Schneider-Electric Pro-Face GP PRO EX 4.07.000

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

NVD

Published: 2017-09-26

Updated: 2019-10-03

Summary

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric PRO Face GP PRO EX 4.07.000	1

References

http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/
http://www.securityfocus.com/bid/100114