CVE-2015-7921

CRITICAL

Pro-face GP-Pro EX <4.05.000 - Auth Bypass

Title source: llm

Description

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01

Scores

CVSS v3 9.1
EPSS 0.0040
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-255
Status published
Products (4)
schneider-electric/proface_gp-pro_ex_ex-ed < 4.0.4
schneider-electric/proface_gp-pro_ex_pfxexedls < 4.0.4
schneider-electric/proface_gp-pro_ex_pfxexedv < 4.0.4
schneider-electric/proface_gp-pro_ex_pfxexgrpls < 4.0.4
Published Apr 06, 2016
Tracked Since Feb 18, 2026