All the vulnerabilities related to Panasonic - FPWIN Pro
cve-2019-6532
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108683 | vdb-entry, x_refsource_BID |
| https://www.zerodayinitiative.com/advisories/ZDI-19-568/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-566/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-570/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:21.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108683" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FPWIN Pro", "vendor": "Panasonic", "versions": [ { "status": "affected", "version": "Version 7.3.0.0 and prior" } ] } ], "datePublic": "2019-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-13T17:06:07", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108683" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FPWIN Pro", "version": { "version_data": [ { "version_value": "Version 7.3.0.0 and prior" } ] } } ] }, "vendor_name": "Panasonic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108683" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6532", "datePublished": "2019-06-07T13:58:48", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-16236
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FPWIN Pro", "vendor": "Panasonic", "versions": [ { "lessThanOrEqual": "Version 7.5.0.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-25T18:46:40", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02" } ], "source": { "discovery": "UNKNOWN" }, "title": "anasonic FPWIN Pro", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-01-05T17:00:00.000Z", "ID": "CVE-2020-16236", "STATE": "PUBLIC", "TITLE": "anasonic FPWIN Pro" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FPWIN Pro", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "Version 7.5.0.0" } ] } } ] }, "vendor_name": "Panasonic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a 
maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OUT-OF-BOUNDS READ CWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16236", "datePublished": "2021-01-25T18:46:40.532651Z", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-09-16T22:15:45.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6530
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108683 | vdb-entry, x_refsource_BID |
| https://www.zerodayinitiative.com/advisories/ZDI-19-565/ | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-19-567/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:21.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108683" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FPWIN Pro", "vendor": "Panasonic", "versions": [ { "status": "affected", "version": "Version 7.3.0.0 and prior" } ] } ], "datePublic": "2019-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-13T17:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108683" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "FPWIN Pro", "version": { "version_data": [ { "version_value": "Version 7.3.0.0 and prior" } ] } } ] }, "vendor_name": "Panasonic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02" }, { "name": "108683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108683" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6530", "datePublished": "2019-06-07T13:58:17", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202107-0878
Vulnerability from variot
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. FPWIN Pro, provided by Panasonic Corporation, has an XML external entity (XXE) reference vulnerability. FPWIN Pro is PLC programming software provided by Panasonic Corporation. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. (Note: the last two sentences appear to come from an aggregated CNNVD entry and do not seem to describe FPWIN Pro; the Panasonic-specific statements above match the CVE-2021-32972 / CWE-611 data in the record below.)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0878", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "lte", "trust": 1.0, "vendor": "panasonic", "version": "7.5.1.1" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "programming control software 
v7.5.1.1 and all previous s" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.1.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-32972" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Michael Heinzl reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-1943" } ], "trust": 0.6 }, "cve": "CVE-2021-32972", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", 
"availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32972", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001896", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-32972", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2021-001896", "trust": 0.8, "value": "Medium" }, { 
"author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-1943", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32972", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-32972" }, { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. Provided by Panasonic Corporation FPWIN Pro Has XML An external entity reference vulnerability exists. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. Pillow is a Python-based image processing library. 
\nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-32972" }, { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-32972" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-21-180-03", "trust": 2.5 }, { "db": "NVD", "id": "CVE-2021-32972", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU95869186", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001896", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021063023", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2282", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-1943", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-32972", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-32972" }, { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "id": "VAR-202107-0878", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2023-12-18T11:45:18.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": 
"Programming\u00a0Software\u00a0Control\u00a0FPWIN\u00a0Pro", "trust": 0.8, "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro" }, { "title": "Claroty Secure Remote Access Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155675" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-611", "trust": 1.0 }, { "problemtype": "XML Improper restrictions on external entity references (CWE-611) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95869186" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2282" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021063023" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/611.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-32972" }, { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "sources": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-32972" }, { "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "db": "NVD", "id": "CVE-2021-32972" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-09T00:00:00", "db": "VULMON", "id": "CVE-2021-32972" }, { "date": "2021-07-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "date": "2021-07-09T11:15:08.630000", "db": "NVD", "id": "CVE-2021-32972" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2021-32972" }, { "date": "2021-07-01T08:48:00", "db": "JVNDB", "id": "JVNDB-2021-001896" }, { "date": "2021-07-13T16:55:28.230000", "db": "NVD", "id": "CVE-2021-32972" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-1943" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-1943" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Made by Panasonic \u00a0FPWIN\u00a0Pro\u00a0 To \u00a0XML\u00a0 Improper restriction vulnerability in external entity reference", 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001896" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201605-0346
Vulnerability from variot
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition. (Note: this description concatenates text from several sources, which is presumably why it refers to both "local users" and "remote attackers"; the CVSS entries in the record below likewise differ between LOCAL and NETWORK access vectors. In every variant the trigger is a user opening a crafted project file, so project files from untrusted origins are the exposure to control.)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0346", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "eq", "trust": 1.6, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "lt", "trust": 0.8, "vendor": "panasonic", "version": "7.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "panasonic", 
"version": "5.x from 7.130" }, { "model": "fpwin pro", "scope": null, "trust": 0.7, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "5.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "6.x" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.6, "vendor": "panasonic", "version": "\u003c=7.122" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "fpwin pro", "version": null } ], "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4497" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite", "sources": [ { "db": "ZDI", "id": "ZDI-16-334" } ], "trust": 0.7 }, "cve": "CVE-2016-4497", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-4497", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2016-4497", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-03215", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "55646fa2-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 0.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-4497", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4497", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2016-4497", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-03215", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201605-200", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": 
"55646fa2-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. 
Failed exploit attempts will likely cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "BID", "id": "90523" }, { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4497", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-16-131-01", "trust": 3.0 }, { "db": "ZDI", "id": "ZDI-16-334", "trust": 2.3 }, { "db": "BID", "id": "90523", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2016-03215", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-200", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002710", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3504", "trust": 0.7 }, { "db": "IVD", "id": "55646FA2-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "BID", "id": "90523" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "id": "VAR-201605-0346", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03215" } ], "trust": 1.1189655200000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03215" } ] }, "last_update_date": "2023-12-18T12:20:30.772000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/75924" }, { "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61518" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, 
{ "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-334/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/90523" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497" }, { "trust": 0.3, "url": "http://panasonic.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "BID", "id": "90523" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-334" }, { "db": "CNVD", "id": "CNVD-2016-03215" }, { "db": "BID", "id": "90523" }, { "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "db": "NVD", "id": "CVE-2016-4497" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-17T00:00:00", "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-334" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03215" }, { "date": "2016-05-10T00:00:00", "db": "BID", "id": "90523" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "date": "2016-05-12T01:59:12.683000", "db": "NVD", "id": "CVE-2016-4497" }, { "date": "2016-05-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-334" }, { "date": 
"2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03215" }, { "date": "2016-07-06T14:40:00", "db": "BID", "id": "90523" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002710" }, { "date": "2016-11-28T20:18:25.663000", "db": "NVD", "id": "CVE-2016-4497" }, { "date": "2016-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-200" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-200" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002710" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation", "sources": [ { "db": "IVD", "id": "55646fa2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201605-200" } ], "trust": 0.8 } }
var-201906-0208
Vulnerability from variot
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user, causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected. Note that this text is concatenated from several source records (NVD, JVNDB, ZDI, BID), so the "remote code execution" wording appears alongside CVSS v3 vectors in the record below that rate the attack vector as local with user interaction required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0208", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control fpwin pro", "scope": null, "trust": 1.4, "vendor": "panasonic", "version": null }, { "model": "control fpwin pro", "scope": "lte", "trust": 1.0, "vendor": "panasonic", "version": "7.3.0.0" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.8, 
"vendor": "panasonic", "version": "7.3.0.0" }, { "model": "control fpwin pro", "scope": "eq", "trust": 0.3, "vendor": "panasonic", "version": "7.3.0.0" }, { "model": "control fpwin pro", "scope": "ne", "trust": 0.3, "vendor": "panasonic", "version": "7.3.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6530" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "9sg Security Team", "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" } ], "trust": 1.4 }, "cve": "CVE-2019-6530", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-6530", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-6530", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6530", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-6530", "trust": 1.8, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2019-6530", "trust": 1.4, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-281", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2019-6530" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "BID", "id": "108683" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6530", "trust": 4.1 }, { "db": "ICS CERT", "id": "ICSA-19-157-02", "trust": 2.7 }, { "db": "ZDI", "id": "ZDI-19-565", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-567", "trust": 2.3 }, { "db": "BID", "id": "108683", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-005355", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7848", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7852", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2044", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201906-281", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "id": "VAR-201906-0208", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2023-12-18T13:33:30.328000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02" }, { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Panasonic FPWIN Pro Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93362" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/108683" }, { "trust": 2.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-567/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-565/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6530" }, { "trust": 0.9, "url": "http://panasonic.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2044/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", 
"id": "ZDI-19-567" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-565" }, { "db": "ZDI", "id": "ZDI-19-567" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "NVD", "id": "CVE-2019-6530" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-565" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-567" }, { "date": "2019-06-06T00:00:00", "db": "BID", "id": "108683" }, { "date": "2019-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "date": "2019-06-07T14:29:00.400000", "db": "NVD", "id": "CVE-2019-6530" }, { "date": "2019-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-565" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-567" }, { "date": "2019-06-06T00:00:00", "db": "BID", "id": "108683" }, { "date": "2019-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "date": "2020-10-16T15:47:04.773000", "db": "NVD", "id": "CVE-2019-6530" }, { "date": "2020-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-281" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-281" } ], 
"trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005355" }, { "db": "CNNVD", "id": "CNNVD-201906-281" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-281" } ], "trust": 0.6 } }
var-201605-0347
Vulnerability from variot
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0347", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "eq", "trust": 1.6, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "lt", "trust": 0.8, "vendor": "panasonic", "version": "7.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "panasonic", 
"version": "5.x from 7.130" }, { "model": "fpwin pro", "scope": null, "trust": 0.7, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "5.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "6.x" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.6, "vendor": "panasonic", "version": "\u003c=7.122" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "fpwin pro", "version": null } ], "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4498" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite", "sources": [ { "db": "ZDI", "id": "ZDI-16-332" } ], "trust": 0.7 }, "cve": "CVE-2016-4498", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-4498", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2016-4498", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-03214", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "55650ad4-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.1, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-4498", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4498", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2016-4498", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-03214", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201605-199", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": 
"55650ad4-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. 
Failed attacks will cause denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "BID", "id": "90521" }, { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4498", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-16-131-01", "trust": 3.0 }, { "db": "ZDI", "id": "ZDI-16-332", "trust": 2.3 }, { "db": "BID", "id": "90521", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2016-03214", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-199", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002711", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3456", "trust": 0.7 }, { "db": "IVD", "id": "55650AD4-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "BID", "id": "90521" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "id": "VAR-201605-0347", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03214" } ], "trust": 1.1189655200000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03214" } ] }, "last_update_date": "2023-12-18T12:20:30.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03214)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/75925" }, { "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61517" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "trust": 
1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-332/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/90521" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4498" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4498" }, { "trust": 0.3, "url": "http://panasonic.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "BID", "id": "90521" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-332" }, { "db": "CNVD", "id": "CNVD-2016-03214" }, { "db": "BID", "id": "90521" }, { "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "db": "NVD", "id": "CVE-2016-4498" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-17T00:00:00", "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-332" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03214" }, { "date": "2016-05-10T00:00:00", "db": "BID", "id": "90521" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "date": "2016-05-12T01:59:13.730000", "db": "NVD", "id": "CVE-2016-4498" }, { "date": "2016-05-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-332" }, { "date": "2016-05-17T00:00:00", 
"db": "CNVD", "id": "CNVD-2016-03214" }, { "date": "2016-07-06T14:40:00", "db": "BID", "id": "90521" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002711" }, { "date": "2016-11-28T20:18:26.773000", "db": "NVD", "id": "CVE-2016-4498" }, { "date": "2016-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-199" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-199" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002711" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation", "sources": [ { "db": "IVD", "id": "55650ad4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201605-199" } ], "trust": 0.8 } }
var-201906-0209
Vulnerability from variot
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user, triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro contains an illegal type conversion vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected. Note: this text is merged from several source entries (NVD, JVNDB, ZDI and BID in the record below). The CVSS v3 vectors in that record use AV:L with UI:R, so the "remote" wording appears to describe delivery of the crafted project file, which a user still has to open.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0209", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control fpwin pro", "scope": null, "trust": 2.1, "vendor": "panasonic", "version": null }, { "model": "control fpwin pro", "scope": "lte", "trust": 1.0, "vendor": "panasonic", "version": "7.3.0.0" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.8, 
"vendor": "panasonic", "version": "7.3.0.0" }, { "model": "control fpwin pro", "scope": "eq", "trust": 0.3, "vendor": "panasonic", "version": "7.3.0.0" }, { "model": "control fpwin pro", "scope": "ne", "trust": 0.3, "vendor": "panasonic", "version": "7.3.1.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6532" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "9sg Security Team", "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" } ], "trust": 2.1 }, "cve": "CVE-2019-6532", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-6532", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-6532", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6532", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-6532", "trust": 2.1, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6532", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-279", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" }, { "db": "CNNVD", "id": "CNNVD-201906-279" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2019-6532" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "BID", "id": "108683" } ], "trust": 3.78 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6532", "trust": 4.8 }, { "db": "ICS CERT", "id": "ICSA-19-157-02", "trust": 2.7 }, { "db": "ZDI", "id": "ZDI-19-568", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-570", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-566", "trust": 2.3 }, { "db": "BID", "id": "108683", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-005356", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7851", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7850", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7849", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2044", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201906-279", "trust": 0.6 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" }, { "db": 
"CNNVD", "id": "CNNVD-201906-279" } ] }, "id": "VAR-201906-0209", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2023-12-18T13:33:30.282000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02" }, { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Panasonic FPWIN Pro Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93360" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "CNNVD", "id": "CNNVD-201906-279" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 }, { "problemtype": "CWE-704", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 5.4, "url": 
"https://ics-cert.us-cert.gov/advisories/icsa-19-157-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/108683" }, { "trust": 2.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-570/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-566/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-568/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6532" }, { "trust": 0.9, "url": "http://panasonic.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6532" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2044/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" }, { "db": "CNNVD", "id": "CNNVD-201906-279" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" }, { "db": "ZDI", "id": "ZDI-19-566" }, { "db": "BID", "id": "108683" }, { "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "db": "NVD", "id": "CVE-2019-6532" }, { "db": "CNNVD", "id": "CNNVD-201906-279" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-568" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-570" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-566" }, { "date": "2019-06-06T00:00:00", "db": "BID", "id": "108683" }, { "date": "2019-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "date": "2019-06-07T14:29:00.480000", "db": "NVD", "id": "CVE-2019-6532" }, { "date": "2019-06-06T00:00:00", "db": "CNNVD", 
"id": "CNNVD-201906-279" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-568" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-570" }, { "date": "2019-06-13T00:00:00", "db": "ZDI", "id": "ZDI-19-566" }, { "date": "2019-06-06T00:00:00", "db": "BID", "id": "108683" }, { "date": "2019-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005356" }, { "date": "2020-10-06T18:11:17.167000", "db": "NVD", "id": "CVE-2019-6532" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-279" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-279" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-568" }, { "db": "ZDI", "id": "ZDI-19-570" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-279" } ], "trust": 0.6 } }
var-201605-0348
Vulnerability from variot
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Note: the "local users" and "remote attackers" statements appear to come from different source entries. The record below carries both an AV:N vector (author ZDI) and AV:L vectors (author NVD), and the NVD vectors shown mark user interaction as required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0348", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "eq", "trust": 1.6, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": null, "trust": 1.4, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "lt", "trust": 0.8, "vendor": "panasonic", 
"version": "7.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "panasonic", "version": "5.x from 7.130" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "5.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "6.x" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.6, "vendor": "panasonic", "version": "\u003c=7.122" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "fpwin pro", "version": null } ], "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4499" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite", "sources": [ { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" } ], "trust": 1.4 }, "cve": "CVE-2016-4499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" 
}, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2016-4499", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.4, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-4499", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": 
"MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CNVD-2016-03213", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "5565f688-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 0.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-4499", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4499", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2016-4499", "trust": 1.4, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-03213", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201605-198", "trust": 
0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. 
Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan", "sources": [ { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "BID", "id": "90522" }, { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" } ], "trust": 3.87 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4499", "trust": 4.9 }, { "db": "ICS CERT", "id": "ICSA-16-131-01", "trust": 3.0 }, { "db": "ZDI", "id": "ZDI-16-331", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-16-330", "trust": 2.3 }, { "db": "BID", "id": "90522", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2016-03213", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-198", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002712", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3501", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3446", "trust": 0.7 }, { "db": "IVD", "id": "5565F688-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "BID", "id": "90522" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "id": "VAR-201605-0348", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, 
{ "db": "CNVD", "id": "CNVD-2016-03213" } ], "trust": 1.1189655200000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03213" } ] }, "last_update_date": "2023-12-18T12:20:30.635000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/75926" }, { "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61516" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-330/" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-331/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/90522" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499" }, { "trust": 0.3, "url": "http://panasonic.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "BID", "id": "90522" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-331" }, { "db": "ZDI", "id": "ZDI-16-330" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "BID", "id": "90522" }, { "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "db": "NVD", "id": "CVE-2016-4499" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-17T00:00:00", "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-331" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-330" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03213" }, { "date": "2016-05-10T00:00:00", "db": 
"BID", "id": "90522" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "date": "2016-05-12T01:59:14.857000", "db": "NVD", "id": "CVE-2016-4499" }, { "date": "2016-05-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-331" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-330" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03213" }, { "date": "2016-07-06T14:40:00", "db": "BID", "id": "90522" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002712" }, { "date": "2016-11-28T20:18:27.850000", "db": "NVD", "id": "CVE-2016-4499" }, { "date": "2016-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-198" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "90522" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03213" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "5565f688-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201605-198" } ], "trust": 0.8 
} }
var-202312-1096
Vulnerability from variot
Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1096", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "lte", "trust": 1.0, "vendor": "panasonic", "version": "7.7.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6315" } ] }, "cve": "CVE-2023-6315", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-6315", "trust": 1.0, "value": "HIGH" }, { "author": "product-security@gg.jp.panasonic.com", "id": "CVE-2023-6315", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6315" }, { "db": "NVD", "id": "CVE-2023-6315" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.", "sources": [ { "db": "NVD", "id": "CVE-2023-6315" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-6315", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6315" } ] }, "id": "VAR-202312-1096", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2024-01-03T13:35:21.177000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6315" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6315" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-6315" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-19T01:15:12.310000", "db": "NVD", "id": "CVE-2023-6315" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-02T13:43:51.817000", "db": "NVD", "id": "CVE-2023-6315" } ] } }
var-202101-0140
Vulnerability from variot
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro is PLC programming software provided by Panasonic Corporation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. The CVSS v3.1 vector recorded for this entry (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) is consistent with this: exploitation depends on the user opening the crafted file.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0140", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "lt", "trust": 1.0, "vendor": "panasonic", "version": "7.5.0.1" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "panasonic", "version": "version 7.5.0.0" }, { "model": "control fpwin pro", "scope": null, "trust": 0.7, 
"vendor": "panasonic", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": "CVE-2020-16236" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.5.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-16236" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Francis Provencher {PRL}", "sources": [ { "db": "ZDI", "id": "ZDI-21-068" } ], "trust": 0.7 }, "cve": "CVE-2020-16236", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, 
"integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-16236", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2021-001002", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-16236", "impactScore": 5.9, "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-16236", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001002", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-16236", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-236", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-16236", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "VULMON", "id": "CVE-2020-16236" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": "CVE-2020-16236" }, { "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. 
An attacker can leverage this vulnerability to execute code in the context of the current process", "sources": [ { "db": "NVD", "id": "CVE-2020-16236" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "VULMON", "id": "CVE-2020-16236" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-16236", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-21-005-02", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU92365365", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001002", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-11579", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-068", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0048", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-236", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-16236", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "VULMON", "id": "CVE-2020-16236" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": "CVE-2020-16236" }, { "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "id": "VAR-202101-0140", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2023-12-18T12:35:11.851000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Programming Software Control FPWIN Pro", "trust": 0.8, "url": 
"https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro" }, { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02" }, { "title": "Panasonic FPWIN Pro Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138391" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": "CVE-2020-16236" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92365365" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16236" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0048/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194260" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "VULMON", "id": "CVE-2020-16236" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": 
"CVE-2020-16236" }, { "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-068" }, { "db": "VULMON", "id": "CVE-2020-16236" }, { "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "db": "NVD", "id": "CVE-2020-16236" }, { "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-068" }, { "date": "2021-01-26T00:00:00", "db": "VULMON", "id": "CVE-2020-16236" }, { "date": "2021-01-07T07:38:38", "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "date": "2021-01-26T18:15:39.787000", "db": "NVD", "id": "CVE-2020-16236" }, { "date": "2021-01-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-14T00:00:00", "db": "ZDI", "id": "ZDI-21-068" }, { "date": "2021-01-29T00:00:00", "db": "VULMON", "id": "CVE-2020-16236" }, { "date": "2021-01-07T07:38:38", "db": "JVNDB", "id": "JVNDB-2021-001002" }, { "date": "2021-01-29T00:58:43.103000", "db": "NVD", "id": "CVE-2020-16236" }, { "date": "2021-02-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-236" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-236" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Made by Panasonic FPWIN Pro Out-of-bounds read 
vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001002" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-236" } ], "trust": 0.6 } }
var-201605-0345
Vulnerability from variot
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. (Note: this paragraph concatenates the descriptions published by the source databases listed in the record below, which is why the attack vector is described both as local and as remote; the record's NVD CVSS vectors rate it AV:L, while the CNVD vector rates it AV:N.)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0345", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": null, "trust": 2.8, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "eq", "trust": 1.6, "vendor": "panasonic", "version": null }, { "model": "fpwin pro", "scope": "lt", "trust": 0.8, "vendor": "panasonic", 
"version": "7.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.8, "vendor": "panasonic", "version": "5.x from 7.130" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "5.x" }, { "model": "fpwin pro", "scope": "eq", "trust": 0.6, "vendor": "panasonic", "version": "6.x" }, { "model": "fpwin pro", "scope": "lte", "trust": 0.6, "vendor": "panasonic", "version": "\u003c=7.122" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "fpwin pro", "version": null } ], "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", "id": "CNVD-2016-03208" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4496" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Source Incite", "sources": [ { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" } ], "trust": 2.8 }, "cve": "CVE-2016-4496", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-4496", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 3.6, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-03208", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "5562c54e-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 0.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-4496", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-4496", "trust": 2.8, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-4496", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-03208", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201605-201", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", 
"id": "CNVD-2016-03208" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. 
Failed exploit attempts will likely cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", "id": "CNVD-2016-03208" }, { "db": "BID", "id": "90520" }, { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" } ], "trust": 5.13 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4496", "trust": 6.3 }, { "db": "ICS CERT", "id": "ICSA-16-131-01", "trust": 3.0 }, { "db": "ZDI", "id": "ZDI-16-335", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-16-336", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-16-337", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-16-333", "trust": 2.3 }, { "db": "BID", "id": "90520", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2016-03208", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-201", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002709", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3503", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3502", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3538", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3505", "trust": 0.7 }, { "db": "IVD", "id": "5562C54E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", "id": "CNVD-2016-03208" }, { "db": "BID", "id": "90520" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, 
"id": "VAR-201605-0345", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03208" } ], "trust": 1.1189655200000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-03208" } ] }, "last_update_date": "2023-12-18T12:20:30.720000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Panasonic has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "title": "FPWIN Pro", "trust": 0.8, "url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm" }, { "title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/75932" }, { "title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61519" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", "id": "CNVD-2016-03208" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "problemtype_data": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 5.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-333/" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-335/" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-336/" }, { "trust": 1.6, "url": "http://zerodayinitiative.com/advisories/zdi-16-337/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/90520" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496" }, { "trust": 0.3, "url": "http://panasonic.com/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", "id": "CNVD-2016-03208" }, { "db": "BID", "id": "90520" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-335" }, { "db": "ZDI", "id": "ZDI-16-336" }, { "db": "ZDI", "id": "ZDI-16-337" }, { "db": "ZDI", "id": "ZDI-16-333" }, { "db": "CNVD", 
"id": "CNVD-2016-03208" }, { "db": "BID", "id": "90520" }, { "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "db": "NVD", "id": "CVE-2016-4496" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-17T00:00:00", "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-335" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-336" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-337" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-333" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03208" }, { "date": "2016-05-10T00:00:00", "db": "BID", "id": "90520" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "date": "2016-05-12T01:59:11.620000", "db": "NVD", "id": "CVE-2016-4496" }, { "date": "2016-05-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-335" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-336" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-337" }, { "date": "2016-05-11T00:00:00", "db": "ZDI", "id": "ZDI-16-333" }, { "date": "2016-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-03208" }, { "date": "2016-07-05T22:21:00", "db": "BID", "id": "90520" }, { "date": "2016-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002709" }, { "date": "2016-11-28T20:18:24.663000", "db": "NVD", "id": "CVE-2016-4496" }, { "date": "2016-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-201" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "90520" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002709" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "5562c54e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201605-201" } ], "trust": 0.8 } }
var-202312-1251
Vulnerability from variot
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1251", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fpwin pro", "scope": "lte", "trust": 1.0, "vendor": "panasonic", "version": "7.7.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6314" } ] }, "cve": "CVE-2023-6314", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-6314", "trust": 1.0, "value": "HIGH" }, { "author": "product-security@gg.jp.panasonic.com", "id": "CVE-2023-6314", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6314" }, { "db": "NVD", "id": "CVE-2023-6314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.", "sources": [ { "db": "NVD", "id": "CVE-2023-6314" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-6314", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6314" } ] }, "id": "VAR-202312-1251", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.31896552 }, "last_update_date": "2024-01-03T13:43:36.267000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6314" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-6314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-6314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-19T01:15:12.157000", "db": "NVD", "id": "CVE-2023-6314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-02T13:31:21.217000", "db": "NVD", "id": "CVE-2023-6314" } ] } }