All the vulnerabilites related to Panasonic - Control FPWIN Pro
var-202101-0140
Vulnerability from variot
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "lt",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.5.0.1"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 7.5.0.0"
},
{
"model": "control fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-16236",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001002",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-16236",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16236",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-001002",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-16236",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16236",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-005-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92365365",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11579",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-068",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0048",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"id": "VAR-202101-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T12:35:11.851000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Programming Software Control FPWIN Pro",
"trust": 0.8,
"url": "https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138391"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92365365"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16236"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0048/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194260"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"date": "2021-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"date": "2021-01-26T18:15:39.787000",
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"date": "2021-01-29T00:58:43.103000",
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Panasonic FPWIN Pro Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
}
}
var-202307-1941
Vulnerability from variot
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.6.0.3"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "7 ver. 7.6.0.3 and earlier"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"cve": "CVE-2023-28728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "VULMON",
"id": "CVE-2023-28728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28728",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU96622721",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-192-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"id": "VAR-202307-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-04-27T12:22:09.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download Panasonic",
"trust": 0.8,
"url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
},
{
"title": "Panasonic Control FPWIN Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Mistake of type (CWE-843) [ others ]",
"trust": 0.8
},
{
"problemtype": " Buffer error (CWE-119) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96622721/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-21T07:15:09.707000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2024-04-18T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-31T20:58:56.437000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
],
"trust": 0.6
}
}
var-201906-0208
Vulnerability from variot
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
}
],
"trust": 1.4
},
"cve": "CVE-2019-6530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6530",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6530",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2019-6530",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6530",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-565",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-567",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7848",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"id": "VAR-201906-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T13:33:30.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93362"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-567/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-565/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6530"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"date": "2019-06-07T14:29:00.400000",
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"date": "2020-10-16T15:47:04.773000",
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
}
}
var-201906-0209
Vulnerability from variot
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": null,
"trust": 2.1,
"vendor": "panasonic",
"version": null
},
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
}
],
"trust": 2.1
},
"cve": "CVE-2019-6532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6532",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-6532",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6532",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6532",
"trust": 4.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-568",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-570",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-566",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7851",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7850",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7849",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"id": "VAR-201906-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T13:33:30.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93360"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "CWE-704",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-570/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-566/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-568/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6532"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6532"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2019-06-07T14:29:00.480000",
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2020-10-06T18:11:17.167000",
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
}
}
cve-2023-28729
Vulnerability from cvelistv5
Published
2023-07-21 06:05
Modified
2024-08-02 13:43
Severity
Summary
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
References
Impacted products
| Vendor | Product |
|---|---|
| Panasonic | Control FPWIN Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "7.6.0.3 and all previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T06:05:26.585Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic Corporation",
"cveId": "CVE-2023-28729",
"datePublished": "2023-07-21T06:05:26.585Z",
"dateReserved": "2023-03-22T05:49:11.016Z",
"dateUpdated": "2024-08-02T13:43:23.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28730
Vulnerability from cvelistv5
Published
2023-07-21 06:07
Modified
2024-08-02 13:43
Severity
Summary
A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
References
Impacted products
| Vendor | Product |
|---|---|
| Panasonic | Control FPWIN Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "7.6.0.3 and all previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T06:07:24.310Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic Corporation",
"cveId": "CVE-2023-28730",
"datePublished": "2023-07-21T06:07:24.310Z",
"dateReserved": "2023-03-22T05:49:11.016Z",
"dateUpdated": "2024-08-02T13:43:23.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28728
Vulnerability from cvelistv5
Published
2023-07-21 06:03
Modified
2024-08-02 13:43
Severity
Summary
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
References
Impacted products
| Vendor | Product |
|---|---|
| Panasonic | Control FPWIN Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "7.6.0.3 and all previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T06:03:00.280Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic Corporation",
"cveId": "CVE-2023-28728",
"datePublished": "2023-07-21T06:03:00.280Z",
"dateReserved": "2023-03-22T05:49:11.016Z",
"dateUpdated": "2024-08-02T13:43:23.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6315
Vulnerability from cvelistv5
Published
2023-12-19 00:25
Modified
2024-08-02 08:28
Severity
Summary
Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
References
Impacted products
| Vendor | Product |
|---|---|
| Panasonic | Control FPWIN Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:25:12.122Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6315",
"datePublished": "2023-12-19T00:25:12.122Z",
"dateReserved": "2023-11-27T05:48:37.067Z",
"dateUpdated": "2024-08-02T08:28:20.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6314
Vulnerability from cvelistv5
Published
2023-12-19 00:24
Modified
2024-08-27 19:01
Severity
Summary
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
References
Impacted products
| Vendor | Product |
|---|---|
| Panasonic | Control FPWIN Pro |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T19:00:42.507828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:01:32.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:24:37.946Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6314",
"datePublished": "2023-12-19T00:24:37.946Z",
"dateReserved": "2023-11-27T05:48:34.594Z",
"dateUpdated": "2024-08-27T19:01:32.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}