var-202307-1941
Vulnerability from variot
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.6.0.3"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "7 ver. 7.6.0.3 and earlier"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"cve": "CVE-2023-28728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "VULMON",
"id": "CVE-2023-28728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28728",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU96622721",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-192-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"id": "VAR-202307-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-04-27T12:22:09.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download Panasonic",
"trust": 0.8,
"url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
},
{
"title": "Panasonic Control FPWIN Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Mistake of type (CWE-843) [ others ]",
"trust": 0.8
},
{
"problemtype": " Buffer error (CWE-119) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96622721/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-21T07:15:09.707000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2024-04-18T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-31T20:58:56.437000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
],
"trust": 0.6
}
}
Loading...