
Important notice regarding vulnerability in our screen editor, GP-Pro EX
Posted: Apr. 1, 2016
Thank you very much for your continuous use of Pro-face products.
We have found vulnerabilities in our screen editor, GP-Pro EX.
We take these issues seriously and have prepared the following measures.
Symptom descriptions
In the event of a malicious cyber-attack, such as writing data to or falsifying data in the software, a “Freeze” or “Forced shutdown” may occur in the products listed below. To date, we have not received any customer inquiries reporting such symptoms caused by these vulnerabilities.
Applicable products
Screen Editor [GP-Pro EX]:
| Item | Details |
|---|---|
| Product Model | EX-ED*, PFXEXEDV*, PFXEXEDLS*, PFXEXGRPLS* |
| Target Version | GP-Pro EX Ver. 1.00.00 to Ver. 4.04.000 |
| How to confirm the version | [Help(H)] → [Version Information(A)] |
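When checking many engineering workstations, the affected range above (Ver. 1.00.00 to Ver. 4.04.000) and the fixed version from the Measures section (Ver. 4.05.000 or later) can be applied to an exported inventory instead of opening [Help] → [Version Information] on each PC. The script below is an added example, not Pro-face code; the hostnames and version strings in it are constructed, and it treats versions the advisory does not describe (between 4.04.000 and 4.05.000) as "unknown" rather than guessing.

```python
import re
from typing import Optional, Tuple

# Version bounds taken from the advisory text.
AFFECTED_MIN = (1, 0, 0)  # "Ver. 1.00.00"
AFFECTED_MAX = (4, 4, 0)  # "Ver. 4.04.000"
FIXED_MIN = (4, 5, 0)     # "Ver. 4.05.000 or later"

# Accepts an optional "Ver." prefix and a three-part numeric version.
_VERSION_RE = re.compile(r"(?:Ver\.?\s*)?(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a GP-Pro EX version string such as 'Ver. 4.04.000' or '1.00.00'.

    The advisory writes the last component with two or three digits
    ('1.00.00' vs '4.04.000'); converting each component to an integer
    makes both forms comparable. Returns None for unparsable input.
    """
    m = _VERSION_RE.search(text.strip())
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def classify(text: str) -> str:
    """Return 'affected', 'fixed', or 'unknown' for one reported version."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v >= FIXED_MIN:
        return "fixed"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    return "unknown"  # not described by the advisory; verify manually


def triage(inventory):
    """Group (host, version) pairs by status for follow-up."""
    out = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        out[classify(version)].append(host)
    return out


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "Ver. 4.04.000"),
    ("eng-ws-02", "Ver. 4.05.000"),
    ("eng-ws-03", "1.00.00"),
    ("eng-ws-04", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {hosts}")
```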
Measures
Download and install the following update module.

→ GP-Pro EX Update Module (Ver. 4.05.000 or later)

To download the module, free member registration for "Otasuke Pro!" is required.
We have already reported this matter to ZDI (Zero Day Initiative) and ICS-CERT *1 in order to help protect users' equipment and control systems from cyber attacks.
| Detector/Researcher: ICS-CERT | Detector/Researcher: ZDI | Contents |
|---|---|---|
| ICS-VU-026229 *2 | ZDI-16-006 | Pro-face GP-Pro EX D-Script Heap Buffer Overflow Remote Code Execution Vulnerability |
| | ZDI-16-005 | Pro-face GP-Pro EX Out-Of-Bounds Read Information Disclosure Vulnerability |
| | ZDI-16-004 | Pro-face GP-Pro EX Out-Of-Bounds Read Information Disclosure Vulnerability |
| | ZDI-16-003 | Pro-face GP-Pro EX Stack Buffer Overflow Remote Code Execution Vulnerability |
| ICS-VU-67947 *2 | | Pro-face GP-Pro EX Hardcoded credentials on the FTP server that enable access to the project data |
| | | Pro-face GP-Pro EX Possible Secondary Authentication Bypass that enables access to the project data |
*1 ICS-CERT (Industrial Control System Cyber Response Team) is an institution within the United States Department of Homeland Security that protects control systems from cyber attacks. In cooperation with US-CERT, which is responsible for information security, ICS-CERT handles vulnerability information about control systems and supports incident response for the control systems of critical infrastructure, lifelines and basic industries in the United States.
*2 ICS-CERT: not yet disclosed (under review)
→ Documents posted on the ZDI site: http://www.zerodayinitiative.com/advisories/published/
Mitigation
We recommend customers take defensive measures to minimize the exploitation risk. Specifically, customers should do the following:
- Review all network configurations for control system devices.
  - Remove unnecessary PC(s) from control system networks.
  - Remove unnecessary applications from control system networks.
- Minimize network exposure for all control system devices. Control system devices should not have a direct connection to the Internet.
- Locate control system networks and devices behind firewalls. Isolate the control system from the business network.
- When remote access to a control system is required, employ secure methods, such as Virtual Private Networks (VPNs). However, our customers must recognize that a VPN is only as secure as the connected devices.
Inquiry
If you have any inquiries, please contact our sales office in your region.
For contact information, please refer to the "Inquiry" page.