CVE-2016-2290

Published: Apr 6, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

Affected (4)

Products: Schneider Electric: Proface Gp Pro Ex Ex Ed, Proface Gp Pro Ex Pfxexedls, Proface Gp Pro Ex Pfxexedv, Proface Gp Pro Ex Pfxexgrpls

Schneider Electric

4 products

Proface Gp Pro Ex Ex Ed

Proface Gp Pro Ex Pfxexedls

Proface Gp Pro Ex Pfxexedv

Proface Gp Pro Ex Pfxexgrpls

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Proface Gp Pro Ex Ex Ed	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexedls	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexedv	Up to 4.0.4
Schneider Electric Proface Gp Pro Ex Pfxexgrpls	Up to 4.0.4

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.