VAR-202307-1941
Vulnerability from variot - Updated: 2024-04-27 12:22A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.6.0.3"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "7 ver. 7.6.0.3 and earlier"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"cve": "CVE-2023-28728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "VULMON",
"id": "CVE-2023-28728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28728",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU96622721",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-192-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"id": "VAR-202307-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31896552
},
"last_update_date": "2024-04-27T12:22:09.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download Panasonic",
"trust": 0.8,
"url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
},
{
"title": "Panasonic Control FPWIN Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=247071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Mistake of type (CWE-843) [ others ]",
"trust": 0.8
},
{
"problemtype": " Buffer error (CWE-119) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96622721/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-21T07:15:09.707000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2024-04-18T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-31T20:58:56.437000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…