The NCCIC has published an advisory on an improper input validation vulnerability in Schneider Electric Pro-face GP-Pro Ex. Versions 4.08 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program. Schneider Electric has produced Version 4.08.200 of the software to address this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE