Proface GP-Pro EX cross-border read information leakage Vulnerability
Proface GP-Pro EX cross-border read information leakage Vulnerability
Release date:
Updated on:
Affected Systems:
Proface GP-Pro EX
Description:
Proface GP-Pro EX is a human-machine interface HMI software used on multiple platforms.
Proface GP-Pro EX has a security vulnerability in BeginPreRead processing. When dealing with malformed 0x7 f77 fields, attackers can exploit this vulnerability to read out of bounds and obtain arbitrary memory information.
<* Source: Steven Seeley (seeleymagic@hotmail.com)
Link: http://www.zerodayinitiative.com/advisories/ZDI-16-004/
*>
Suggestion:
Vendor patch:
Proface
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.profaceamerica.com/en-US/content/gp-pro-ex-hmi-software
This article permanently updates the link address: