Vulnerabilities > CVE-2017-9961 - Unspecified vulnerability in Schneider-Electric Pro-Face GP PRO EX 4.07.000

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
schneider-electric

Summary

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.

Vulnerable Configurations

Part Description Count
Application
Schneider-Electric
1