Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for control_fpwin_pro by panasonic

    CVE-2023-28730 (GCVE-0-2023-28730)

    Vulnerability from nvd – Published: 2023-07-21 06:07 – Updated: 2024-10-24 14:21
    VLAI
    Summary
    A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:21:05.070736Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:21:34.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:07:24.310Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28730",
        "datePublished": "2023-07-21T06:07:24.310Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:21:34.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28729 (GCVE-0-2023-28729)

    Vulnerability from nvd – Published: 2023-07-21 06:05 – Updated: 2024-10-24 14:24
    VLAI
    Summary
    A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28729",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:22:46.808634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:24:31.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:05:26.585Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28729",
        "datePublished": "2023-07-21T06:05:26.585Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:24:31.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28728 (GCVE-0-2023-28728)

    Vulnerability from nvd – Published: 2023-07-21 06:03 – Updated: 2024-10-24 14:25
    VLAI
    Summary
    A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:25:39.493920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:25:55.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:03:00.280Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28728",
        "datePublished": "2023-07-21T06:03:00.280Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:25:55.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6532 (GCVE-0-2019-6532)

    Vulnerability from nvd – Published: 2019-06-07 13:58 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-843 - ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843
    Assigner
    Impacted products
    Vendor Product Version
    Panasonic FPWIN Pro Affected: Version 7.3.0.0 and prior
    Create a notification for this product.
    Date Public
    2019-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
              },
              {
                "name": "108683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108683"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 7.3.0.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-13T17:06:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FPWIN Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 7.3.0.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Panasonic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
                },
                {
                  "name": "108683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108683"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6532",
        "datePublished": "2019-06-07T13:58:48.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6530 (GCVE-0-2019-6530)

    Vulnerability from nvd – Published: 2019-06-07 13:58 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    Impacted products
    Vendor Product Version
    Panasonic FPWIN Pro Affected: Version 7.3.0.0 and prior
    Create a notification for this product.
    Date Public
    2019-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
              },
              {
                "name": "108683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108683"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 7.3.0.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-13T17:06:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FPWIN Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 7.3.0.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Panasonic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
                },
                {
                  "name": "108683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108683"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6530",
        "datePublished": "2019-06-07T13:58:17.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28730 (GCVE-0-2023-28730)

    Vulnerability from cvelistv5 – Published: 2023-07-21 06:07 – Updated: 2024-10-24 14:21
    VLAI
    Summary
    A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:21:05.070736Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:21:34.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:07:24.310Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28730",
        "datePublished": "2023-07-21T06:07:24.310Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:21:34.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28729 (GCVE-0-2023-28729)

    Vulnerability from cvelistv5 – Published: 2023-07-21 06:05 – Updated: 2024-10-24 14:24
    VLAI
    Summary
    A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28729",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:22:46.808634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:24:31.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:05:26.585Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28729",
        "datePublished": "2023-07-21T06:05:26.585Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:24:31.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28728 (GCVE-0-2023-28728)

    Vulnerability from cvelistv5 – Published: 2023-07-21 06:03 – Updated: 2024-10-24 14:25
    VLAI
    Summary
    A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Impacted products
    Vendor Product Version
    Panasonic Control FPWIN Pro Affected: 7.6.0.3 and all previous versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:25:39.493920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:25:55.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0.3 and all previous versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
                }
              ],
              "value": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T06:03:00.280Z",
            "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
            "shortName": "Panasonic Corporation"
          },
          "references": [
            {
              "url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "assignerShortName": "Panasonic Corporation",
        "cveId": "CVE-2023-28728",
        "datePublished": "2023-07-21T06:03:00.280Z",
        "dateReserved": "2023-03-22T05:49:11.016Z",
        "dateUpdated": "2024-10-24T14:25:55.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6532 (GCVE-0-2019-6532)

    Vulnerability from cvelistv5 – Published: 2019-06-07 13:58 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-843 - ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843
    Assigner
    Impacted products
    Vendor Product Version
    Panasonic FPWIN Pro Affected: Version 7.3.0.0 and prior
    Create a notification for this product.
    Date Public
    2019-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
              },
              {
                "name": "108683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108683"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 7.3.0.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-13T17:06:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FPWIN Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 7.3.0.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Panasonic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE (\u0027TYPE CONFUSION\u0027) CWE-843"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
                },
                {
                  "name": "108683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108683"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-568/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-566/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-570/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6532",
        "datePublished": "2019-06-07T13:58:48.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6530 (GCVE-0-2019-6530)

    Vulnerability from cvelistv5 – Published: 2019-06-07 13:58 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    Impacted products
    Vendor Product Version
    Panasonic FPWIN Pro Affected: Version 7.3.0.0 and prior
    Create a notification for this product.
    Date Public
    2019-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
              },
              {
                "name": "108683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108683"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPWIN Pro",
              "vendor": "Panasonic",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 7.3.0.0 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-13T17:06:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
            },
            {
              "name": "108683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108683"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FPWIN Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 7.3.0.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Panasonic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
                },
                {
                  "name": "108683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108683"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6530",
        "datePublished": "2019-06-07T13:58:17.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }