Vulnerability Description
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Proface Gp-Pro Ex Ex-Ed | <= 4.0.4 |
| Schneider-Electric | Proface Gp-Pro Ex Pfxexedls | <= 4.0.4 |
| Schneider-Electric | Proface Gp-Pro Ex Pfxexedv | <= 4.0.4 |
| Schneider-Electric | Proface Gp-Pro Ex Pfxexgrpls | <= 4.0.4 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-7921?
CVE-2015-7921 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for rem...
How severe is CVE-2015-7921?
CVE-2015-7921 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-7921?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Proface Gp-Pro Ex Ex-Ed, Schneider-Electric Proface Gp-Pro Ex Pfxexedls, Schneider-Electric Proface Gp-Pro Ex Pfxexedv, Schneider-Electric Proface Gp-Pro Ex Pfxexgrpls.