CVE-2015-7921

Published: Apr 6, 2016Modified: May 6, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.

Affected (4)

Products: Schneider Electric: Proface Gp Pro Ex Ex Ed, Proface Gp Pro Ex Pfxexedls, Proface Gp Pro Ex Pfxexedv, Proface Gp Pro Ex Pfxexgrpls

Schneider Electric

4 products

Proface Gp Pro Ex Ex Ed

Proface Gp Pro Ex Pfxexedls

Proface Gp Pro Ex Pfxexedv

Proface Gp Pro Ex Pfxexgrpls

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Proface Gp Pro Ex Ex Ed	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexedls	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexedv	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexgrpls	Up to 4.0.4

Related CWEs

CWE-255

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.