CVE-2017-9961

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
schneider-electricpro-face_gp_pro_ex
4.07.000
𝑥
= Vulnerable software versions
References
http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/
http://www.securityfocus.com/bid/100114
http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/
http://www.securityfocus.com/bid/100114