VDB
SEVD-2023-220-01
SEVD-2023-220-01
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Schneider Electric is aware of a vulnerability in its Pro-face GP-Pro EX product. The Pro-face GP-Pro EX product is an HMI Screen Editor & Logic Programming Software. The affected module is WinGP, which is the HMI runtime that enable HMI project execution on a Windows platform. Failure to apply the remediations provided below may risk memory corruption on the system running WinGP which could result in limited impact on confidentiality, integrity, and availability of the HMI.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric GP-Pro EX WinGP for iPC v4.09.450 and prior | ||
| Schneider Electric GP-Pro EX WinGP for PC/AT v4.09.450 and prior | ||
| Schneider Electric GP-Pro EX WinGP for iPC version 4.09.500 | ||
| Schneider Electric GP-Pro EX WinGP for PC/AT version 4.09.500 |
Timeline
- Aug 8, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-220-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.proface.com/en/download/search?fileTypeId=updates&serieIds=screen_creation%2Fgpproex fix