Arbitrary Code Execution Vulnerability in Schneider Electric's Pro-Face GP Pro EX Version 4.07.000

Arbitrary Code Execution Vulnerability in Schneider Electric's Pro-Face GP Pro EX Version 4.07.000

CVE-2017-9961 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.

Learn more about our Web Application Penetration Testing UK.