All the vulnerabilites related to Panasonic - FPWIN Pro
cve-2019-6532
Vulnerability from cvelistv5
Published
2019-06-07 13:58
Modified
2024-08-04 20:23
Severity ?
Summary
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
Impacted products
PanasonicFPWIN Pro
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
          },
          {
            "name": "108683",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108683"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FPWIN Pro",
          "vendor": "Panasonic",
          "versions": [
            {
              "status": "affected",
              "version": "Version 7.3.0.0 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-13T17:06:07",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
        },
        {
          "name": "108683",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108683"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-6532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FPWIN Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 7.3.0.0 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Panasonic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6532",
    "datePublished": "2019-06-07T13:58:48",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:21.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-16236
Vulnerability from cvelistv5
Published
2021-01-25 18:46
Modified
2024-09-16 22:15
Severity ?
Summary
anasonic FPWIN Pro
References
Impacted products
PanasonicFPWIN Pro
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:54.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FPWIN Pro",
          "vendor": "Panasonic",
          "versions": [
            {
              "lessThanOrEqual": "Version 7.5.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "OUT-OF-BOUNDS READ CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T18:46:40",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "anasonic FPWIN Pro",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-01-05T17:00:00.000Z",
          "ID": "CVE-2020-16236",
          "STATE": "PUBLIC",
          "TITLE": "anasonic FPWIN Pro"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FPWIN Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "Version 7.5.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Panasonic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OUT-OF-BOUNDS READ CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-16236",
    "datePublished": "2021-01-25T18:46:40.532651Z",
    "dateReserved": "2020-07-31T00:00:00",
    "dateUpdated": "2024-09-16T22:15:45.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6530
Vulnerability from cvelistv5
Published
2019-06-07 13:58
Modified
2024-08-04 20:23
Severity ?
Summary
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
Impacted products
PanasonicFPWIN Pro
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
          },
          {
            "name": "108683",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108683"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FPWIN Pro",
          "vendor": "Panasonic",
          "versions": [
            {
              "status": "affected",
              "version": "Version 7.3.0.0 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-13T17:06:06",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
        },
        {
          "name": "108683",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108683"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-6530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FPWIN Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 7.3.0.0 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Panasonic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6530",
    "datePublished": "2019-06-07T13:58:17",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:21.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202107-0878
Vulnerability from variot

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. Provided by Panasonic Corporation FPWIN Pro Has XML An external entity reference vulnerability exists. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0878",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.5.1.1"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "programming control software v7.5.1.1  and all previous  s"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Heinzl reported this vulnerability to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-32972",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-32972",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001896",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32972",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001896",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1943",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32972",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. Provided by Panasonic Corporation FPWIN Pro Has XML An external entity reference vulnerability exists. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32972"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-21-180-03",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU95869186",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021063023",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2282",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32972",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "id": "VAR-202107-0878",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2023-12-18T11:45:18.338000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Programming\u00a0Software\u00a0Control\u00a0FPWIN\u00a0Pro",
        "trust": 0.8,
        "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
      },
      {
        "title": "Claroty Secure Remote Access Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155675"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.0
      },
      {
        "problemtype": "XML Improper restrictions on external entity references (CWE-611) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95869186"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2282"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021063023"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/611.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "date": "2021-07-09T11:15:08.630000",
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32972"
      },
      {
        "date": "2021-07-01T08:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      },
      {
        "date": "2021-07-13T16:55:28.230000",
        "db": "NVD",
        "id": "CVE-2021-32972"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1943"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Panasonic \u00a0FPWIN\u00a0Pro\u00a0 To \u00a0XML\u00a0 Improper restriction vulnerability in external entity reference",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001896"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0346
Vulnerability from variot

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0346",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "5.x from  7.130"
      },
      {
        "model": "fpwin pro",
        "scope": null,
        "trust": 0.7,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "5.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "6.x"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "\u003c=7.122"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "fpwin pro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Steven Seeley of Source Incite",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-4497",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4497",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2016-4497",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-03215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "55646fa2-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-4497",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4497",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4497",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-03215",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "55646fa2-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap.  This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object.  An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a  denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "BID",
        "id": "90523"
      },
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4497",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-131-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "90523",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3504",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "55646FA2-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "BID",
        "id": "90523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "id": "VAR-201605-0346",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      }
    ],
    "trust": 1.1189655200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:30.772000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/75924"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61518"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-334/"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/90523"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497"
      },
      {
        "trust": 0.3,
        "url": "http://panasonic.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "BID",
        "id": "90523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "db": "BID",
        "id": "90523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "BID",
        "id": "90523"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "date": "2016-05-12T01:59:12.683000",
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-334"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03215"
      },
      {
        "date": "2016-07-06T14:40:00",
        "db": "BID",
        "id": "90523"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      },
      {
        "date": "2016-11-28T20:18:25.663000",
        "db": "NVD",
        "id": "CVE-2016-4497"
      },
      {
        "date": "2016-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002710"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "55646fa2-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-200"
      }
    ],
    "trust": 0.8
  }
}

var-201906-0208
Vulnerability from variot

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0208",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "control fpwin pro",
        "scope": null,
        "trust": 1.4,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "control fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "control fpwin pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "control fpwin pro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "panasonic",
        "version": "7.3.1.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "9sg Security Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2019-6530",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-6530",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6530",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6530",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6530",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2019-6530",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-281",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files.  The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "BID",
        "id": "108683"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6530",
        "trust": 4.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-157-02",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-565",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "108683",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7848",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7852",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2044",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "id": "VAR-201906-0208",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2023-12-18T13:33:30.328000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
      },
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93362"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/108683"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-567/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-565/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6530"
      },
      {
        "trust": 0.9,
        "url": "http://panasonic.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "BID",
        "id": "108683"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "date": "2019-06-07T14:29:00.400000",
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-565"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-567"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "BID",
        "id": "108683"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "date": "2020-10-16T15:47:04.773000",
        "db": "NVD",
        "id": "CVE-2019-6530"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-281"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0347
Vulnerability from variot

Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0347",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "5.x from  7.130"
      },
      {
        "model": "fpwin pro",
        "scope": null,
        "trust": 0.7,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "5.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "6.x"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "\u003c=7.122"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "fpwin pro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Steven Seeley of Source Incite",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2016-4498",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4498",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2016-4498",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-03214",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "55650ad4-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.1,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-4498",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4498",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4498",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-03214",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "55650ad4-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference.  An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service  conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "BID",
        "id": "90521"
      },
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4498",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-131-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "90521",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3456",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "55650AD4-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "BID",
        "id": "90521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "id": "VAR-201605-0347",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      }
    ],
    "trust": 1.1189655200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:30.679000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03214)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/75925"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61517"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-332/"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/90521"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4498"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4498"
      },
      {
        "trust": 0.3,
        "url": "http://panasonic.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "BID",
        "id": "90521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "db": "BID",
        "id": "90521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "BID",
        "id": "90521"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "date": "2016-05-12T01:59:13.730000",
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-332"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03214"
      },
      {
        "date": "2016-07-06T14:40:00",
        "db": "BID",
        "id": "90521"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      },
      {
        "date": "2016-11-28T20:18:26.773000",
        "db": "NVD",
        "id": "CVE-2016-4498"
      },
      {
        "date": "2016-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002711"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "55650ad4-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-199"
      }
    ],
    "trust": 0.8
  }
}

var-201906-0209
Vulnerability from variot

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "control fpwin pro",
        "scope": null,
        "trust": 2.1,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "control fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "control fpwin pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "panasonic",
        "version": "7.3.0.0"
      },
      {
        "model": "control fpwin pro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "panasonic",
        "version": "7.3.1.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "9sg Security Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2019-6532",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-6532",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6532",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.1,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6532",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2019-6532",
            "trust": 2.1,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6532",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-279",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "BID",
        "id": "108683"
      }
    ],
    "trust": 3.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6532",
        "trust": 4.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-157-02",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-568",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "108683",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7851",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7850",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-7849",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2044",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "id": "VAR-201906-0209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2023-12-18T13:33:30.282000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 2.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
      },
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Panasonic FPWIN Pro Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93360"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-843",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-704",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/108683"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-570/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-566/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-19-568/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6532"
      },
      {
        "trust": 0.9,
        "url": "http://panasonic.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6532"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "db": "BID",
        "id": "108683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "BID",
        "id": "108683"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "date": "2019-06-07T14:29:00.480000",
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-570"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-19-566"
      },
      {
        "date": "2019-06-06T00:00:00",
        "db": "BID",
        "id": "108683"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005356"
      },
      {
        "date": "2020-10-06T18:11:17.167000",
        "db": "NVD",
        "id": "CVE-2019-6532"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-19-568"
      },
      {
        "db": "ZDI",
        "id": "ZDI-19-570"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-279"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0348
Vulnerability from variot

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0348",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": null,
        "trust": 1.4,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "5.x from  7.130"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "5.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "6.x"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "\u003c=7.122"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "fpwin pro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Steven Seeley of Source Incite",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2016-4499",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-4499",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4499",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2016-03213",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "5565f688-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-4499",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4499",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4499",
            "trust": 1.4,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-03213",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-198",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5565f688-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files.  A specially-crafted project file can cause a heap buffer overrun in a memcpy call.  An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "BID",
        "id": "90522"
      },
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4499",
        "trust": 4.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-131-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "90522",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3501",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3446",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "5565F688-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "BID",
        "id": "90522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "id": "VAR-201605-0348",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      }
    ],
    "trust": 1.1189655200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:30.635000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/75926"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61516"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-330/"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-331/"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/90522"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499"
      },
      {
        "trust": 0.3,
        "url": "http://panasonic.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "BID",
        "id": "90522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "BID",
        "id": "90522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "BID",
        "id": "90522"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "date": "2016-05-12T01:59:14.857000",
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-331"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-330"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "date": "2016-07-06T14:40:00",
        "db": "BID",
        "id": "90522"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002712"
      },
      {
        "date": "2016-11-28T20:18:27.850000",
        "db": "NVD",
        "id": "CVE-2016-4499"
      },
      {
        "date": "2016-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "90522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "5565f688-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-198"
      }
    ],
    "trust": 0.8
  }
}

var-202312-1096
Vulnerability from variot

Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1096",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.7.0.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "cve": "CVE-2023-6315",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-6315",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "product-security@gg.jp.panasonic.com",
            "id": "CVE-2023-6315",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ],
    "trust": 1.0
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "id": "VAR-202312-1096",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2024-01-03T13:35:21.177000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-19T01:15:12.310000",
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-02T13:43:51.817000",
        "db": "NVD",
        "id": "CVE-2023-6315"
      }
    ]
  }
}

var-202101-0140
Vulnerability from variot

FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0140",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.5.0.1"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "version 7.5.0.0"
      },
      {
        "model": "control fpwin pro",
        "scope": null,
        "trust": 0.7,
        "vendor": "panasonic",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francis Provencher {PRL}",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-16236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-16236",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001002",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-16236",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-16236",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001002",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-16236",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-236",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-16236",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files.  The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure.  An attacker can leverage this vulnerability to execute code in the context of the current process",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-16236",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-005-02",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU92365365",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-11579",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-068",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0048",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "id": "VAR-202101-0140",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2023-12-18T12:35:11.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Programming Software Control FPWIN Pro",
        "trust": 0.8,
        "url": "https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
      },
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138391"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92365365"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16236"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0048/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194260"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "date": "2021-01-07T07:38:38",
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "date": "2021-01-26T18:15:39.787000",
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-068"
      },
      {
        "date": "2021-01-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-16236"
      },
      {
        "date": "2021-01-07T07:38:38",
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      },
      {
        "date": "2021-01-29T00:58:43.103000",
        "db": "NVD",
        "id": "CVE-2020-16236"
      },
      {
        "date": "2021-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Made by Panasonic  FPWIN Pro Out-of-bounds read vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001002"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-236"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0345
Vulnerability from variot

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0345",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": null,
        "trust": 2.8,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "panasonic",
        "version": null
      },
      {
        "model": "fpwin pro",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "7.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "5.x from  7.130"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "5.x"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "6.x"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "panasonic",
        "version": "\u003c=7.122"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "fpwin pro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Steven Seeley of Source Incite",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      }
    ],
    "trust": 2.8
  },
  "cve": "CVE-2016-4496",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4496",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 3.6,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-03208",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "5562c54e-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-4496",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2016-4496",
            "trust": 2.8,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-4496",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-03208",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5562c54e-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed  exploit  attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "BID",
        "id": "90520"
      },
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 5.13
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4496",
        "trust": 6.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-131-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "90520",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3503",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3502",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3538",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3505",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "5562C54E-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "BID",
        "id": "90520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "id": "VAR-201605-0345",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      }
    ],
    "trust": 1.1189655200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:30.720000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Panasonic has issued an update to correct this vulnerability.",
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "title": "FPWIN Pro",
        "trust": 0.8,
        "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
      },
      {
        "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/75932"
      },
      {
        "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61519"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-333/"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-335/"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-336/"
      },
      {
        "trust": 1.6,
        "url": "http://zerodayinitiative.com/advisories/zdi-16-337/"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/90520"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496"
      },
      {
        "trust": 0.3,
        "url": "http://panasonic.com/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "BID",
        "id": "90520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "db": "BID",
        "id": "90520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "BID",
        "id": "90520"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "date": "2016-05-12T01:59:11.620000",
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-335"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-336"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-337"
      },
      {
        "date": "2016-05-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-333"
      },
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03208"
      },
      {
        "date": "2016-07-05T22:21:00",
        "db": "BID",
        "id": "90520"
      },
      {
        "date": "2016-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      },
      {
        "date": "2016-11-28T20:18:24.663000",
        "db": "NVD",
        "id": "CVE-2016-4496"
      },
      {
        "date": "2016-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "90520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic FPWIN Pro Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002709"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "5562c54e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-201"
      }
    ],
    "trust": 0.8
  }
}

var-202312-1251
Vulnerability from variot

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1251",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.7.0.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "cve": "CVE-2023-6314",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-6314",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "product-security@gg.jp.panasonic.com",
            "id": "CVE-2023-6314",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ],
    "trust": 1.0
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "id": "VAR-202312-1251",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2024-01-03T13:43:36.267000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-19T01:15:12.157000",
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-02T13:31:21.217000",
        "db": "NVD",
        "id": "CVE-2023-6314"
      }
    ]
  }
}