Schneider Electric Pro-face GP-Pro Ex (ICSA-19-003-01) – Product Used in the Energy Sector

The NCCIC has published an advisory on an improper input validation vulnerability in Schneider Electric Pro-face GP-Pro Ex. Versions 4.08 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program. Schneider Electric has produced Version 4.08.200 of the software to address this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.