var-202307-1941
Vulnerability from variot

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "control fpwin pro",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "7.6.0.3"
      },
      {
        "model": "fpwin pro",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "7 ver. 7.6.0.3  and earlier"
      },
      {
        "model": "fpwin pro",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "cve": "CVE-2023-28728",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-002906",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-28728",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "product-security@gg.jp.panasonic.com",
            "id": "CVE-2023-28728",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-002906",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-1800",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-28728"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-28728",
        "trust": 3.3
      },
      {
        "db": "JVN",
        "id": "JVNVU96622721",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-192-03",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-28728",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "id": "VAR-202307-1941",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31896552
  },
  "last_update_date": "2024-04-27T12:22:09.007000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download  Panasonic",
        "trust": 0.8,
        "url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
      },
      {
        "title": "Panasonic Control FPWIN Pro Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247071"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Mistake of type (CWE-843) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Buffer error (CWE-119) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96622721/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-28728"
      },
      {
        "date": "2023-08-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "date": "2023-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "date": "2023-07-21T07:15:09.707000",
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-28728"
      },
      {
        "date": "2024-04-18T08:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      },
      {
        "date": "2023-07-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      },
      {
        "date": "2023-07-31T20:58:56.437000",
        "db": "NVD",
        "id": "CVE-2023-28728"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002906"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-1800"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.