Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
89 vulnerabilities by panasonic
CVE-2025-11223 (GCVE-0-2025-11223)
Vulnerability from nvd – Published: 2025-10-03 08:02 – Updated: 2025-10-03 15:54- CWE-427 - Uncontrolled Search Path Element
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | AutoDownloader |
Affected:
1.2.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T15:54:35.950493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T15:54:47.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoDownloader",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eInstaller of \u003c/span\u003e\n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003econtains an issue with the DLL search path, which may lead to loading \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003ea crafted DLL file in the same directory\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Installer of \n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\ncontains an issue with the DLL search path, which may lead to loading \n\na crafted DLL file in the same directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T08:02:18.567Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://content.connect.panasonic.com/jp-ja/fai/file/66248"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-11223",
"datePublished": "2025-10-03T08:02:18.567Z",
"dateReserved": "2025-10-01T01:04:30.843Z",
"dateUpdated": "2025-10-03T15:54:47.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1073 (GCVE-0-2025-1073)
Vulnerability from nvd – Published: 2025-04-10 11:16 – Updated: 2025-04-15 03:39- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | IR Control Hub (IR Blaster) |
Affected:
1.17 and earlier
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:01:42.557304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:02:23.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IR Control Hub (IR Blaster)",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.17 and earlier",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shravan Singh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.\n\n\u003cbr\u003e"
}
],
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T03:39:35.888Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://lsin.panasonic.com/release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-1073",
"datePublished": "2025-04-10T11:16:33.999Z",
"dateReserved": "2025-02-06T06:36:17.394Z",
"dateUpdated": "2025-04-15T03:39:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6315 (GCVE-0-2023-6315)
Vulnerability from nvd – Published: 2023-12-19 00:25 – Updated: 2024-09-24 14:14- CWE-125 - Out-of-bounds Read
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | Control FPWIN Pro |
Affected:
n/a , ≤ 7.7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T17:25:56.645189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:14:13.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:25:12.122Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6315",
"datePublished": "2023-12-19T00:25:12.122Z",
"dateReserved": "2023-11-27T05:48:37.067Z",
"dateUpdated": "2024-09-24T14:14:13.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6314 (GCVE-0-2023-6314)
Vulnerability from nvd – Published: 2023-12-19 00:24 – Updated: 2024-08-27 19:01| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | Control FPWIN Pro |
Affected:
n/a , ≤ 7.7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T19:00:42.507828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:01:32.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:24:37.946Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6314",
"datePublished": "2023-12-19T00:24:37.946Z",
"dateReserved": "2023-11-27T05:48:34.594Z",
"dateUpdated": "2024-08-27T19:01:32.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11223 (GCVE-0-2025-11223)
Vulnerability from cvelistv5 – Published: 2025-10-03 08:02 – Updated: 2025-10-03 15:54- CWE-427 - Uncontrolled Search Path Element
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | AutoDownloader |
Affected:
1.2.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T15:54:35.950493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T15:54:47.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoDownloader",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eInstaller of \u003c/span\u003e\n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003econtains an issue with the DLL search path, which may lead to loading \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003ea crafted DLL file in the same directory\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Installer of \n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\ncontains an issue with the DLL search path, which may lead to loading \n\na crafted DLL file in the same directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T08:02:18.567Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://content.connect.panasonic.com/jp-ja/fai/file/66248"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-11223",
"datePublished": "2025-10-03T08:02:18.567Z",
"dateReserved": "2025-10-01T01:04:30.843Z",
"dateUpdated": "2025-10-03T15:54:47.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1073 (GCVE-0-2025-1073)
Vulnerability from cvelistv5 – Published: 2025-04-10 11:16 – Updated: 2025-04-15 03:39- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | IR Control Hub (IR Blaster) |
Affected:
1.17 and earlier
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:01:42.557304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:02:23.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IR Control Hub (IR Blaster)",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.17 and earlier",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shravan Singh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.\n\n\u003cbr\u003e"
}
],
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T03:39:35.888Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://lsin.panasonic.com/release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-1073",
"datePublished": "2025-04-10T11:16:33.999Z",
"dateReserved": "2025-02-06T06:36:17.394Z",
"dateUpdated": "2025-04-15T03:39:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6315 (GCVE-0-2023-6315)
Vulnerability from cvelistv5 – Published: 2023-12-19 00:25 – Updated: 2024-09-24 14:14- CWE-125 - Out-of-bounds Read
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | Control FPWIN Pro |
Affected:
n/a , ≤ 7.7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T17:25:56.645189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:14:13.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:25:12.122Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6315",
"datePublished": "2023-12-19T00:25:12.122Z",
"dateReserved": "2023-11-27T05:48:37.067Z",
"dateUpdated": "2024-09-24T14:14:13.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6314 (GCVE-0-2023-6314)
Vulnerability from cvelistv5 – Published: 2023-12-19 00:24 – Updated: 2024-08-27 19:01| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | Control FPWIN Pro |
Affected:
n/a , ≤ 7.7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T19:00:42.507828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:01:32.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"lessThanOrEqual": "7.7.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T00:24:37.946Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2023-6314",
"datePublished": "2023-12-19T00:24:37.946Z",
"dateReserved": "2023-11-27T05:48:34.594Z",
"dateUpdated": "2024-08-27T19:01:32.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202307-1941
Vulnerability from variot - Updated: 2024-04-27 12:22A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.6.0.3"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "7 ver. 7.6.0.3 and earlier"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"cve": "CVE-2023-28728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "VULMON",
"id": "CVE-2023-28728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28728",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU96622721",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-192-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"id": "VAR-202307-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-04-27T12:22:09.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download Panasonic",
"trust": 0.8,
"url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
},
{
"title": "Panasonic Control FPWIN Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Mistake of type (CWE-843) [ others ]",
"trust": 0.8
},
{
"problemtype": " Buffer error (CWE-119) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96622721/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-21T07:15:09.707000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2024-04-18T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-31T20:58:56.437000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
],
"trust": 0.6
}
}
VAR-202312-1251
Vulnerability from variot - Updated: 2024-01-03 13:43Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.7.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"cve": "CVE-2023-6314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-6314",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-6314",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
},
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6314",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"id": "VAR-202312-1251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-01-03T13:43:36.267000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T01:15:12.157000",
"db": "NVD",
"id": "CVE-2023-6314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-02T13:31:21.217000",
"db": "NVD",
"id": "CVE-2023-6314"
}
]
}
}
VAR-202312-1096
Vulnerability from variot - Updated: 2024-01-03 13:35Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.7.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"cve": "CVE-2023-6315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-6315",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-6315",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
},
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6315",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"id": "VAR-202312-1096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-01-03T13:35:21.177000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T01:15:12.310000",
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-02T13:43:51.817000",
"db": "NVD",
"id": "CVE-2023-6315"
}
]
}
}
VAR-201410-0978
Vulnerability from variot - Updated: 2023-12-18 13:48Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. An attacker can leverage this vulnerability to execute code under the context of the current process. Panasonic Network Camera View is a webcam viewing app. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0978",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera view",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "4.0"
},
{
"model": "network camera view",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.0"
},
{
"model": "network camera view",
"scope": "eq",
"trust": 1.4,
"vendor": "panasonic",
"version": "3"
},
{
"model": "network camera view",
"scope": "eq",
"trust": 1.4,
"vendor": "panasonic",
"version": "4"
},
{
"model": "network camera view",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network camera view",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network camera view",
"version": "4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:network_camera_view:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:panasonic:network_camera_view:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-364"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8755",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8755",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07344",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-76700",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8755",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-8755",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-07344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-597",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76700",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to \"the ability to nullify an arbitrary address in memory.\". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. An attacker can leverage this vulnerability to execute code under the context of the current process. Panasonic Network Camera View is a webcam viewing app. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76700"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8755",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-14-364",
"trust": 3.8
},
{
"db": "BID",
"id": "70593",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-07344",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2357",
"trust": 0.7
},
{
"db": "IVD",
"id": "C4A09E04-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76700",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"id": "VAR-201410-0978",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
}
]
},
"last_update_date": "2023-12-18T13:48:57.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update for Network Camera View 3,4",
"trust": 1.5,
"url": "http://security.panasonic.com/pss/security/library/howto_update_ncv.html"
},
{
"title": "Panasonic Network Camera View WebVideoCam ActiveX Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/51309"
},
{
"title": "nwcv_3_4_update",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52078"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-364/"
},
{
"trust": 2.4,
"url": "http://security.panasonic.com/pss/security/library/howto_update_ncv.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8755"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8755"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-24T00:00:00",
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"date": "2014-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"date": "2014-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76700"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70593"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"date": "2014-10-17T15:55:08.430000",
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"date": "2014-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"date": "2014-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-76700"
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70593"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"date": "2014-12-16T20:07:25.397000",
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Network Camera View WebVideoCam ActiveX Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "BID",
"id": "70593"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
],
"trust": 0.8
}
}
VAR-201901-0829
Vulnerability from variot - Updated: 2023-12-18 13:33An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428). Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. PanasonicPC is a computer device from Matsushita Electric Industrial Co., Ltd. of Japan. An attacker could exploit the vulnerability to execute files with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pc windows",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": "7"
},
{
"model": "system interface device 0021",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "system interface device 0040",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "multiple computers",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8"
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.1"
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:system_interface_device_0021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:system_interface_device_0040:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"cve": "CVE-2018-16183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000123",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-24473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000123",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16183",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2018-000123",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-24473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-917",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428). Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. PanasonicPC is a computer device from Matsushita Electric Industrial Co., Ltd. of Japan. An attacker could exploit the vulnerability to execute files with elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16183",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN36895151",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2018-24473",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"id": "VAR-201901-0829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
]
},
"last_update_date": "2023-12-18T13:33:38.308000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Remediate Service Path Vulnerability Utility (V1.00L10 M02) Panasonic PC in which Windows 10, Windows 8.1, Windows 8 and Windows 7 are pre-installed",
"trust": 0.8,
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
},
{
"title": "PanasonicPC registers patches for non-referenced service path vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/146105"
},
{
"title": "Panasonic PC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://jvn.jp/en/jp/jvn36895151/index.html"
},
{
"trust": 1.6,
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16183"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000123.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"date": "2019-01-09T23:29:03.967000",
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"date": "2018-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"date": "2019-02-26T17:52:37.573000",
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"date": "2019-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic applications register unquoted service paths",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
],
"trust": 0.6
}
}
VAR-201906-0208
Vulnerability from variot - Updated: 2023-12-18 13:33Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
}
],
"trust": 1.4
},
"cve": "CVE-2019-6530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6530",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6530",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2019-6530",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6530",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-565",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-567",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7848",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"id": "VAR-201906-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T13:33:30.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93362"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-567/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-565/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6530"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"date": "2019-06-07T14:29:00.400000",
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"date": "2020-10-16T15:47:04.773000",
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
}
}
VAR-201906-0209
Vulnerability from variot - Updated: 2023-12-18 13:33Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": null,
"trust": 2.1,
"vendor": "panasonic",
"version": null
},
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
}
],
"trust": 2.1
},
"cve": "CVE-2019-6532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6532",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-6532",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6532",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6532",
"trust": 4.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-568",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-570",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-566",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7851",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7850",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7849",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"id": "VAR-201906-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T13:33:30.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93360"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "CWE-704",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-570/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-566/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-568/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6532"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6532"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2019-06-07T14:29:00.480000",
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2020-10-06T18:11:17.167000",
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
}
}
VAR-201911-0541
Vulnerability from variot - Updated: 2023-12-18 13:33The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 530 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Panasonic Eluga Ray 530 is a smart phone from Japan's Panasonic. An attacker could use this vulnerability to modify system properties
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga ray 530",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray 530",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "530"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:eluga_ray_530_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:eluga_ray_530:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"cve": "CVE-2019-15376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15376",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15994",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15376",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-15994",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-878",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 530 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Panasonic Eluga Ray 530 is a smart phone from Japan\u0027s Panasonic. An attacker could use this vulnerability to modify system properties",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15376",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15994",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"id": "VAR-201911-0541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
]
},
"last_update_date": "2023-12-18T13:33:15.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ELUGA RAY 530",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-ray-530"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15376"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"date": "2019-11-14T17:15:18.147000",
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Eluga Ray 530 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 0.6
}
}
VAR-201507-0328
Vulnerability from variot - Updated: 2023-12-18 13:24Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the GetStringInfo method. By passing a large string to the method, an attacker can cause a fixed-length stack buffer to overflow. An attacker could leverage this vulnerability to execute code under the context of the current process. The Panasonic Security API SDK is an API interface development kit (SDK) for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security api",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "security api activex sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api activex sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "8.10.18"
},
{
"model": "security api sdk",
"scope": null,
"trust": 0.6,
"vendor": "panasonic",
"version": null
},
{
"model": "security api activex sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security api activex sdk",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:security_api_activex_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.10.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 2.3
},
"cve": "CVE-2015-4647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4647",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4647",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04199",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "859ac086-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4647",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2015-4647",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04199",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-636",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the GetStringInfo method. By passing a large string to the method, an attacker can cause a fixed-length stack buffer to overflow. An attacker could leverage this vulnerability to execute code under the context of the current process. The Panasonic Security API SDK is an API interface development kit (SDK) for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4647",
"trust": 4.9
},
{
"db": "ZDI",
"id": "ZDI-15-260",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-15-259",
"trust": 3.4
},
{
"db": "BID",
"id": "75409",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04199",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2752",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2753",
"trust": 0.7
},
{
"db": "IVD",
"id": "859AC086-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"id": "VAR-201507-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
],
"trust": 1.59166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
]
},
"last_update_date": "2023-12-18T13:24:45.685000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.#SDK",
"trust": 1.4,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"title": "SDK(PS-API)",
"trust": 0.8,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"title": "Patch for Panasonic Security API SDK Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60296"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-260/"
},
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-259/"
},
{
"trust": 1.9,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"trust": 1.4,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75409"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4647"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4647"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-260"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75409"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"date": "2015-07-06T14:59:04.313000",
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75409"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"date": "2016-12-07T18:13:39.153000",
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"date": "2015-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Security API SDK Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 0.8
}
}
VAR-201911-0545
Vulnerability from variot - Updated: 2023-12-18 13:18The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. Panasonic ELUGA_I9 Android Device contains an externally controllable reference vulnerability to another area resourceInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Panasonic ELUGA_I9 is a smart phone from Japan's Panasonic Corporation.
Panasonic ELUGA_I9 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0545",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga i9",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga i9",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:eluga_i9_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:eluga_i9:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"cve": "CVE-2019-15429",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15429",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16017",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15429",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-16017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-931",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. Panasonic ELUGA_I9 Android Device contains an externally controllable reference vulnerability to another area resourceInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Panasonic ELUGA_I9 is a smart phone from Japan\u0027s Panasonic Corporation. \n\r\n\r\nPanasonic ELUGA_I9 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15429",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-16017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"id": "VAR-201911-0545",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
]
},
"last_update_date": "2023-12-18T13:18:30.997000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ELUGA I9",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-i9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15429"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"date": "2019-11-14T17:15:21.757000",
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"date": "2020-05-19T12:15:10.847000",
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"date": "2020-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic ELUGA_I9 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 0.6
}
}
VAR-201501-0672
Vulnerability from variot - Updated: 2023-12-18 13:03Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Panasonic Provided by Arbitrator Back-End Server (BES) Vulnerability that does not encrypt communication between client and server (CWE-319) Exists. By this vulnerability Active Directory And other sensitive information have been reported to be leaked. CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.htmlThird parties may obtain confidential information. Panasonic Arbitrator is a surveillance camera application. This may result in further attacks. Panasonic Arbitrator is a high-definition car digital video recording system produced by Panasonic Corporation of Japan. There is a security flaw in Panasonic Arbitrator's BES, which is caused by the program not using encryption algorithms
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using direct lan"
},
{
"model": "arbitrator mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using usb wi-fi"
},
{
"model": "arbitrator mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using direct lan"
},
{
"model": "arbitrator mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using embedded wi-fi"
},
{
"model": "arbitrator build",
"scope": "lt",
"trust": 0.6,
"vendor": "panasonic",
"version": "9.3.14.08.003.0"
},
{
"model": "mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.0"
},
{
"model": "mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.0"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.09.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.0-"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.09.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.0-"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.2,
"vendor": "panasonic",
"version": "2.0\u003c=9.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.2,
"vendor": "panasonic",
"version": "3.0\u003c=9.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_3.0_vpu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_3.0_vpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_2.0_vpu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_2.0_vpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "BID",
"id": "72058"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-001038",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00396",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77541",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9596",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-001038",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-319",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77541",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Panasonic Provided by Arbitrator Back-End Server (BES) Vulnerability that does not encrypt communication between client and server (CWE-319) Exists. By this vulnerability Active Directory And other sensitive information have been reported to be leaked. CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.htmlThird parties may obtain confidential information. Panasonic Arbitrator is a surveillance camera application. This may result in further attacks. Panasonic Arbitrator is a high-definition car digital video recording system produced by Panasonic Corporation of Japan. There is a security flaw in Panasonic Arbitrator\u0027s BES, which is caused by the program not using encryption algorithms",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77541"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#117604",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2014-9596",
"trust": 3.6
},
{
"db": "BID",
"id": "72058",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00396",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96405828",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038",
"trust": 0.8
},
{
"db": "BID",
"id": "77722",
"trust": 0.4
},
{
"db": "IVD",
"id": "A97CBBF8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77541",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"id": "VAR-201501-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
}
]
},
"last_update_date": "2023-12-18T13:03:28.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Arbitrator 360\u00b0 Important Security Update",
"trust": 0.8,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026id=21f059b3ab"
},
{
"title": "Patch for Panasonic Arbitrator Back-End Server (BES) Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/54057"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026id=21f059b3ab"
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/117604"
},
{
"trust": 1.4,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9596"
},
{
"trust": 1.1,
"url": "http://www.panasonic.com/business/arbitrator/index.asp"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9596"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96405828/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72058"
},
{
"trust": 0.1,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026amp;id=21f059b3ab"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-19T00:00:00",
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#117604"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"date": "2015-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-77541"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72058"
},
{
"date": "2015-01-15T00:00:00",
"db": "BID",
"id": "77722"
},
{
"date": "2015-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"date": "2015-01-15T23:59:00.053000",
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#117604"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"date": "2015-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-77541"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72058"
},
{
"date": "2015-01-15T00:00:00",
"db": "BID",
"id": "77722"
},
{
"date": "2015-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"date": "2015-01-16T18:31:00.697000",
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication",
"sources": [
{
"db": "CERT/CC",
"id": "VU#117604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
],
"trust": 0.6
}
}
VAR-201702-0672
Vulnerability from variot - Updated: 2023-12-18 13:03An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video insight web client",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "eq",
"trust": 0.9,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.8,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.6,
"vendor": "videoinsight",
"version": "\u003c=6.3.5.11"
},
{
"model": "web client",
"scope": "ne",
"trust": 0.3,
"vendor": "videoinsight",
"version": "6.3.6.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web client",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:video_insight_web_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.3.5.11",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juan Pablo Lopez Yacubian",
"sources": [
{
"db": "BID",
"id": "95416"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5151",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00560",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5151",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5151",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5151",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-012-02",
"trust": 3.3
},
{
"db": "BID",
"id": "95416",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583",
"trust": 0.8
},
{
"db": "IVD",
"id": "88C02F99-1C14-4A12-9C8D-DCEDC79CE269",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"id": "VAR-201702-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
]
},
"last_update_date": "2023-12-18T13:03:10.601000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Web Client",
"trust": 0.8,
"url": "http://www.video-insight.com/web-client.php"
},
{
"title": "Web Client SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88117"
},
{
"title": "VideoInsight Web Client SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66987"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5151"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5151"
},
{
"trust": 0.3,
"url": "http://www.video-insight.com/web-client.php"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-12T00:00:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2017-02-13T21:59:02.627000",
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-23T06:06:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2021-09-09T17:18:30.257000",
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VideoInsight Web Client In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.8
}
}
VAR-201507-0329
Vulnerability from variot - Updated: 2023-12-18 12:51Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code under the context of the user. The Panasonic Security API is an API interface for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security api",
"scope": null,
"trust": 1.3,
"vendor": "panasonic",
"version": null
},
{
"model": "security api activex sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api activex sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "8.10.18"
},
{
"model": "security api activex sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security api activex sdk",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:security_api_activex_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.10.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kernelsmith - HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 1.6
},
"cve": "CVE-2015-4648",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4648",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04200",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4648",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-4648",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04200",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-635",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code under the context of the user. The Panasonic Security API is an API interface for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4648",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-15-261",
"trust": 4.0
},
{
"db": "BID",
"id": "75405",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04200",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2940",
"trust": 0.7
},
{
"db": "IVD",
"id": "859E78F2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"id": "VAR-201507-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
],
"trust": 1.3833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
]
},
"last_update_date": "2023-12-18T12:51:41.369000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SDK(PS-API)",
"trust": 0.8,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.#SDK",
"trust": 0.7,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"title": "Patch for Panasonic Security API Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60294"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-261/"
},
{
"trust": 1.9,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75405"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4648"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4648"
},
{
"trust": 0.7,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-261"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75405"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"date": "2015-07-06T14:59:05.203000",
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75405"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"date": "2016-12-07T18:13:40.293000",
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"date": "2015-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Security API Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 0.8
}
}
VAR-201911-0447
Vulnerability from variot - Updated: 2023-12-18 12:43The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 600 Android The device is vulnerable to a lack of authentication.Information may be tampered with. The Panasonic Eluga Ray 600 is a smart phone from Japan's Panasonic. An attacker could use this vulnerability to modify system properties
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga ray 600",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray 600",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:eluga_ray_600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:eluga_ray_600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"cve": "CVE-2019-15378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15378",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15378",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15378",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-15996",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-877",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 600 Android The device is vulnerable to a lack of authentication.Information may be tampered with. The Panasonic Eluga Ray 600 is a smart phone from Japan\u0027s Panasonic. An attacker could use this vulnerability to modify system properties",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15378",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15996",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"id": "VAR-201911-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
]
},
"last_update_date": "2023-12-18T12:43:14.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Eluga Ray 600",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-ray-600"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15378"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"date": "2019-11-14T17:15:18.287000",
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Eluga Ray 600 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 0.6
}
}
VAR-202101-0140
Vulnerability from variot - Updated: 2023-12-18 12:35FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "lt",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.5.0.1"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 7.5.0.0"
},
{
"model": "control fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-16236",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001002",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-16236",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16236",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-001002",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-16236",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16236",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-005-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92365365",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11579",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-068",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0048",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"id": "VAR-202101-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2023-12-18T12:35:11.851000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Programming Software Control FPWIN Pro",
"trust": 0.8,
"url": "https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138391"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92365365"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16236"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0048/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194260"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"date": "2021-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"date": "2021-01-26T18:15:39.787000",
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"date": "2021-01-29T00:58:43.103000",
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Panasonic FPWIN Pro Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
}
}
VAR-201605-0346
Vulnerability from variot - Updated: 2023-12-18 12:20Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0346",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"model": "fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4497",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4497",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4497",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2016-4497",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03215",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4497",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-334",
"trust": 2.3
},
{
"db": "BID",
"id": "90523",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3504",
"trust": 0.7
},
{
"db": "IVD",
"id": "55646FA2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"id": "VAR-201605-0346",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
}
],
"trust": 1.1189655200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
}
]
},
"last_update_date": "2023-12-18T12:20:30.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75924"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61518"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-334/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90523"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90523"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"date": "2016-05-12T01:59:12.683000",
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90523"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"date": "2016-11-28T20:18:25.663000",
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
],
"trust": 0.8
}
}
VAR-201605-0345
Vulnerability from variot - Updated: 2023-12-18 12:20Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": null,
"trust": 2.8,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
}
],
"trust": 2.8
},
"cve": "CVE-2016-4496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4496",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 3.6,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4496",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-4496",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4496",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03208",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 5.13
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4496",
"trust": 6.3
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-335",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-336",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-337",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-333",
"trust": 2.3
},
{
"db": "BID",
"id": "90520",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03208",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3503",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3502",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3538",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3505",
"trust": 0.7
},
{
"db": "IVD",
"id": "5562C54E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"id": "VAR-201605-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
}
],
"trust": 1.1189655200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
}
]
},
"last_update_date": "2023-12-18T12:20:30.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75932"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61519"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-333/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-335/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-336/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-337/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90520"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90520"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"date": "2016-05-12T01:59:11.620000",
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"date": "2016-07-05T22:21:00",
"db": "BID",
"id": "90520"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"date": "2016-11-28T20:18:24.663000",
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90520"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
],
"trust": 0.8
}
}
VAR-201605-0347
Vulnerability from variot - Updated: 2023-12-18 12:20Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"model": "fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4498",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4498",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "55650ad4-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4498",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4498",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2016-4498",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03214",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-199",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4498",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-332",
"trust": 2.3
},
{
"db": "BID",
"id": "90521",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3456",
"trust": 0.7
},
{
"db": "IVD",
"id": "55650AD4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"id": "VAR-201605-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
}
],
"trust": 1.1189655200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
}
]
},
"last_update_date": "2023-12-18T12:20:30.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03214)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75925"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61517"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-332/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90521"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4498"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4498"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90521"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"date": "2016-05-12T01:59:13.730000",
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90521"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"date": "2016-11-28T20:18:26.773000",
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
],
"trust": 0.8
}
}
VAR-201605-0348
Vulnerability from variot - Updated: 2023-12-18 12:20Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:fpwin_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
}
],
"trust": 1.4
},
"cve": "CVE-2016-4499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4499",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2016-03213",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4499",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4499",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2016-4499",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4499",
"trust": 4.9
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-331",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-330",
"trust": 2.3
},
{
"db": "BID",
"id": "90522",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03213",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3501",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3446",
"trust": 0.7
},
{
"db": "IVD",
"id": "5565F688-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"id": "VAR-201605-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
}
],
"trust": 1.1189655200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
}
]
},
"last_update_date": "2023-12-18T12:20:30.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75926"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61516"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-330/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-331/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90522"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"date": "2016-05-12T01:59:14.857000",
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90522"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"date": "2016-11-28T20:18:27.850000",
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90522"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 0.8
}
}
VAR-201901-0728
Vulnerability from variot - Updated: 2023-12-18 12:18Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0728",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"cve": "CVE-2018-0678",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-118880",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0678",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-267",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118880",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118880"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0678",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118880",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"id": "VAR-201901-0728",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:16.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_us"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88450"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118880"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-09T23:29:01.903000",
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118880"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-02-11T13:36:53.277000",
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
],
"trust": 0.6
}
}
VAR-201901-0727
Vulnerability from variot - Updated: 2023-12-18 12:18BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0727",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"cve": "CVE-2018-0677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-118879",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0677",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-266",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118879",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118879"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0677",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118879",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"id": "VAR-201901-0727",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:16.486000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_us"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88449"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118879"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-09T23:29:01.857000",
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118879"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-02-11T13:44:21.647000",
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
],
"trust": 0.6
}
}
VAR-201901-0726
Vulnerability from variot - Updated: 2023-12-18 12:18BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An authorization issue vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0726",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"cve": "CVE-2018-0676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-118878",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An authorization issue vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118878"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0676",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"id": "VAR-201901-0726",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:16.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_us"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88448"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118878"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-09T23:29:01.793000",
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118878"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-02-11T13:52:59.500000",
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
],
"trust": 0.6
}
}