CVE-2015-7921
moderate-risk
Published 2016-04-06
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.
Do I need to act?
0.40% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.1/10 · Critical
NETWORK / LOW complexity
Affected Products (4)
Proface Gp-Pro Ex Ex-Ed
Proface Gp-Pro Ex Pfxexedls
Proface Gp-Pro Ex Pfxexedv
Proface Gp-Pro Ex Pfxexgrpls
Affected Vendors
References (1)
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01
43 / 100 · moderate-risk
Severity
31/34 · Critical
Exploitability
2/34 · Minimal
Exposure
10/34 · Low