Search
Find a vulnerability
Search criteria
83 vulnerabilities by Panasonic
CVE-2025-11223 (GCVE-0-2025-11223)
Vulnerability from nvd – Published: 2025-10-03 08:02 – Updated: 2025-10-03 15:54
VLAI
Summary
Installer of
Panasonic
AutoDownloader
version 1.2.8
contains an issue with the DLL search path, which may lead to loading
a crafted DLL file in the same directory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | AutoDownloader |
Affected:
1.2.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T15:54:35.950493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T15:54:47.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoDownloader",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eInstaller of \u003c/span\u003e\n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003econtains an issue with the DLL search path, which may lead to loading \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003ea crafted DLL file in the same directory\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Installer of \n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\ncontains an issue with the DLL search path, which may lead to loading \n\na crafted DLL file in the same directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T08:02:18.567Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://content.connect.panasonic.com/jp-ja/fai/file/66248"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-11223",
"datePublished": "2025-10-03T08:02:18.567Z",
"dateReserved": "2025-10-01T01:04:30.843Z",
"dateUpdated": "2025-10-03T15:54:47.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1073 (GCVE-0-2025-1073)
Vulnerability from nvd – Published: 2025-04-10 11:16 – Updated: 2025-04-15 03:39
VLAI
Summary
Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | IR Control Hub (IR Blaster) |
Affected:
1.17 and earlier
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:01:42.557304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:02:23.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IR Control Hub (IR Blaster)",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.17 and earlier",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shravan Singh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.\n\n\u003cbr\u003e"
}
],
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T03:39:35.888Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://lsin.panasonic.com/release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-1073",
"datePublished": "2025-04-10T11:16:33.999Z",
"dateReserved": "2025-02-06T06:36:17.394Z",
"dateUpdated": "2025-04-15T03:39:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11223 (GCVE-0-2025-11223)
Vulnerability from cvelistv5 – Published: 2025-10-03 08:02 – Updated: 2025-10-03 15:54
VLAI
Summary
Installer of
Panasonic
AutoDownloader
version 1.2.8
contains an issue with the DLL search path, which may lead to loading
a crafted DLL file in the same directory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | AutoDownloader |
Affected:
1.2.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T15:54:35.950493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T15:54:47.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AutoDownloader",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eInstaller of \u003c/span\u003e\n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003econtains an issue with the DLL search path, which may lead to loading \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003ea crafted DLL file in the same directory\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Installer of \n\nPanasonic \n\nAutoDownloader \n\n\n\n version 1.2.8\ncontains an issue with the DLL search path, which may lead to loading \n\na crafted DLL file in the same directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T08:02:18.567Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://content.connect.panasonic.com/jp-ja/fai/file/66248"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-11223",
"datePublished": "2025-10-03T08:02:18.567Z",
"dateReserved": "2025-10-01T01:04:30.843Z",
"dateUpdated": "2025-10-03T15:54:47.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1073 (GCVE-0-2025-1073)
Vulnerability from cvelistv5 – Published: 2025-04-10 11:16 – Updated: 2025-04-15 03:39
VLAI
Summary
Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic | IR Control Hub (IR Blaster) |
Affected:
1.17 and earlier
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:01:42.557304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:02:23.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IR Control Hub (IR Blaster)",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "1.17 and earlier",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shravan Singh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.\n\n\u003cbr\u003e"
}
],
"value": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T03:39:35.888Z",
"orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"shortName": "Panasonic_Holdings_Corporation"
},
"references": [
{
"url": "https://lsin.panasonic.com/release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
"assignerShortName": "Panasonic_Holdings_Corporation",
"cveId": "CVE-2025-1073",
"datePublished": "2025-04-10T11:16:33.999Z",
"dateReserved": "2025-02-06T06:36:17.394Z",
"dateUpdated": "2025-04-15T03:39:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201702-0672
Vulnerability from variot - Updated: 2025-04-20 23:36An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video insight web client",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "eq",
"trust": 0.9,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.8,
"vendor": "videoinsight",
"version": "6.3.5.11"
},
{
"model": "web client",
"scope": "lte",
"trust": 0.6,
"vendor": "videoinsight",
"version": "\u003c=6.3.5.11"
},
{
"model": "web client",
"scope": "ne",
"trust": 0.3,
"vendor": "videoinsight",
"version": "6.3.6.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web client",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:videoinsight:web_client",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juan Pablo Lopez Yacubian",
"sources": [
{
"db": "BID",
"id": "95416"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00560",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5151",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5151",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5151",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5151",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. VideoInsightWebClient is a web-based client of VideoInsight, USA. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5151",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-012-02",
"trust": 3.3
},
{
"db": "BID",
"id": "95416",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-00560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583",
"trust": 0.8
},
{
"db": "IVD",
"id": "88C02F99-1C14-4A12-9C8D-DCEDC79CE269",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"id": "VAR-201702-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
}
]
},
"last_update_date": "2025-04-20T23:36:57.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Web Client",
"trust": 0.8,
"url": "http://www.video-insight.com/web-client.php"
},
{
"title": "Web Client SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88117"
},
{
"title": "VideoInsight Web Client SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66987"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5151"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5151"
},
{
"trust": 0.3,
"url": "http://www.video-insight.com/web-client.php"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"db": "BID",
"id": "95416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-12T00:00:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"date": "2017-02-13T21:59:02.627000",
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00560"
},
{
"date": "2017-01-23T06:06:00",
"db": "BID",
"id": "95416"
},
{
"date": "2017-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001583"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-326"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VideoInsight Web Client In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "88c02f99-1c14-4a12-9c8d-dcedc79ce269"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-326"
}
],
"trust": 0.8
}
}
VAR-201710-0949
Vulnerability from variot - Updated: 2025-04-20 23:15SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. There is a SQL injection vulnerability in HomeunitKX-HJB1000. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0949",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "ghx1yg_14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "ghx1yg 14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.6,
"vendor": "panasonic",
"version": null
},
{
"model": "unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "14.50"
},
{
"model": "home unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "home unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "14.50"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "BID",
"id": "101583"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:kx-hjb1000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "101583"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-2133",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-33659",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-110336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2133",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000229",
"trust": 2.4,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-33659",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110336",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "VULHUB",
"id": "VHN-110336"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. There is a SQL injection vulnerability in HomeunitKX-HJB1000. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2133"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "BID",
"id": "101583"
},
{
"db": "VULHUB",
"id": "VHN-110336"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2133",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN54795166",
"trust": 2.8
},
{
"db": "BID",
"id": "101583",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33659",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110336",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "VULHUB",
"id": "VHN-110336"
},
{
"db": "BID",
"id": "101583"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"id": "VAR-201710-0949",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "VULHUB",
"id": "VHN-110336"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
}
]
},
"last_update_date": "2025-04-20T23:15:53.054000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "http://www.panasonic.com/jp/support/consumer/com/hns/homeunit/releasenote"
},
{
"title": "Patch for Panasonic HomeUnitKX-HJB1000SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105956"
},
{
"title": "Panasonic KX-HJB1000 Home unit device SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110336"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://jvn.jp/en/jp/jvn54795166/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2133"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101583"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2132"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2133"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn54795166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2132"
},
{
"trust": 0.3,
"url": "http://jpn.faq.panasonic.com/app/answers/detail/a_id/9190/p/1761,2579,2580"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "VULHUB",
"id": "VHN-110336"
},
{
"db": "BID",
"id": "101583"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"db": "VULHUB",
"id": "VHN-110336"
},
{
"db": "BID",
"id": "101583"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"date": "2017-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-110336"
},
{
"date": "2017-10-17T00:00:00",
"db": "BID",
"id": "101583"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"date": "2017-10-20T11:29:00.293000",
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33659"
},
{
"date": "2017-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110336"
},
{
"date": "2017-12-19T20:00:00",
"db": "BID",
"id": "101583"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1000"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Home unit KX-HJB1000 contains multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1000"
}
],
"trust": 0.6
}
}
VAR-201710-0948
Vulnerability from variot - Updated: 2025-04-20 23:15Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. PanasonicHomeUnitKX-HJB1000 has an arbitrary file deletion vulnerability. An attacker could use this vulnerability to remove any files from the directory. An attacker can exploit this issue to delete arbitrary files on a vulnerable computer with the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0948",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "ghx1yg_14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "ghx1yg 14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.6,
"vendor": "panasonic",
"version": null
},
{
"model": "unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "14.50"
},
{
"model": "home unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "home unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "14.50"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "BID",
"id": "101584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:kx-hjb1000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "101584"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2132",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-2132",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33660",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-110335",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-2132",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000229",
"trust": 2.4,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2132",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-33660",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1001",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110335",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-2132",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. PanasonicHomeUnitKX-HJB1000 has an arbitrary file deletion vulnerability. An attacker could use this vulnerability to remove any files from the directory. \nAn attacker can exploit this issue to delete arbitrary files on a vulnerable computer with the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "BID",
"id": "101584"
},
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "VULMON",
"id": "CVE-2017-2132"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2132",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVN54795166",
"trust": 3.5
},
{
"db": "BID",
"id": "101584",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33660",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110335",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-2132",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"db": "BID",
"id": "101584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"id": "VAR-201710-0948",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "VULHUB",
"id": "VHN-110335"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
}
]
},
"last_update_date": "2025-04-20T23:15:53.016000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "http://www.panasonic.com/jp/support/consumer/com/hns/homeunit/releasenote"
},
{
"title": "PanasonicHomeUnitKX-HJB1000 patch for arbitrary file deletion vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105953"
},
{
"title": "Panasonic KX-HJB1000 Home unit Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-89",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://jvn.jp/en/jp/jvn54795166/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/101584"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2132"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2133"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn54795166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2132"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2133"
},
{
"trust": 0.3,
"url": "http://jpn.faq.panasonic.com/app/answers/detail/a_id/9190/p/1761,2579,2580"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"db": "BID",
"id": "101584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"db": "VULHUB",
"id": "VHN-110335"
},
{
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"db": "BID",
"id": "101584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"date": "2017-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-110335"
},
{
"date": "2017-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"date": "2017-10-17T00:00:00",
"db": "BID",
"id": "101584"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"date": "2017-10-20T11:29:00.247000",
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33660"
},
{
"date": "2017-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110335"
},
{
"date": "2017-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2132"
},
{
"date": "2017-12-19T20:00:00",
"db": "BID",
"id": "101584"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1001"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2132"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Home unit KX-HJB1000 contains multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1001"
}
],
"trust": 0.6
}
}
VAR-201710-0947
Vulnerability from variot - Updated: 2025-04-20 23:15Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. PanasonicHomeUnitKX-HJB1000 has an access bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0947",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "kx-hjb1000",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "ghx1yg_14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "ghx1yg 14.50"
},
{
"model": "home unit kx-hjb1000",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "hjb1000_4.47"
},
{
"model": "unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.6,
"vendor": "panasonic",
"version": null
},
{
"model": "unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "14.50"
},
{
"model": "home unit kx-hjb1000 hjb1000 4.47",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "home unit kx-hjb1000 ghx1yg",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "14.50"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "BID",
"id": "101581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:kx-hjb1000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "101581"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-2131",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33661",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110334",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-2131",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000229",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000229",
"trust": 2.4,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2131",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110334",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "VULHUB",
"id": "VHN-110334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. PanasonicHomeUnitKX-HJB1000 has an access bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2131"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "BID",
"id": "101581"
},
{
"db": "VULHUB",
"id": "VHN-110334"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2131",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN54795166",
"trust": 2.8
},
{
"db": "BID",
"id": "101581",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33661",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110334",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "VULHUB",
"id": "VHN-110334"
},
{
"db": "BID",
"id": "101581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"id": "VAR-201710-0947",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "VULHUB",
"id": "VHN-110334"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
}
]
},
"last_update_date": "2025-04-20T23:15:52.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "http://www.panasonic.com/jp/support/consumer/com/hns/homeunit/releasenote"
},
{
"title": "PanasonicHomeUnitKX-HJB1000 access patch to bypass the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105952"
},
{
"title": "Panasonic KX-HJB1000 Home unit Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75894"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-89",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://jvn.jp/en/jp/jvn54795166/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101581"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2132"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2133"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn54795166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2131"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2132"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2133"
},
{
"trust": 0.3,
"url": "http://jpn.faq.panasonic.com/app/answers/detail/a_id/9190/p/1761,2579,2580"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "VULHUB",
"id": "VHN-110334"
},
{
"db": "BID",
"id": "101581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"db": "VULHUB",
"id": "VHN-110334"
},
{
"db": "BID",
"id": "101581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"date": "2017-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-110334"
},
{
"date": "2017-10-17T00:00:00",
"db": "BID",
"id": "101581"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"date": "2017-10-20T11:29:00.217000",
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33661"
},
{
"date": "2017-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110334"
},
{
"date": "2017-12-19T20:00:00",
"db": "BID",
"id": "101581"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000229"
},
{
"date": "2017-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1002"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2131"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Home unit KX-HJB1000 contains multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1002"
}
],
"trust": 0.6
}
}
VAR-201410-1415
Vulnerability from variot - Updated: 2025-04-13 23:41The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within then NcrCtl4.NcrNet.1 control. An attacker can leverage this to execute arbitrary code in the context of the browser. Panasonic Network Camera is a Panasonic network camera. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera recorder",
"scope": "lt",
"trust": 1.8,
"vendor": "panasonic",
"version": "4.04r03"
},
{
"model": "network camera recorder",
"scope": null,
"trust": 1.5,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera recorder",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "4.04r02"
},
{
"model": "network camera recorder 4.04r02",
"scope": null,
"trust": 0.2,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera recorder",
"scope": "lte",
"trust": 0.2,
"vendor": "panasonic",
"version": "\u003c=4.04"
}
],
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:panasonic:network_camera_recorder",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-363"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8756",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8756",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06972",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-76701",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8756",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8756",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-8756",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-06972",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-598",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76701",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "VULHUB",
"id": "VHN-76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within then NcrCtl4.NcrNet.1 control. An attacker can leverage this to execute arbitrary code in the context of the browser. Panasonic Network Camera is a Panasonic network camera. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "BID",
"id": "70609"
},
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76701"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8756",
"trust": 4.3
},
{
"db": "ZDI",
"id": "ZDI-14-363",
"trust": 3.2
},
{
"db": "BID",
"id": "70609",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06972",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2171",
"trust": 0.7
},
{
"db": "IVD",
"id": "C49DF0AA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76701",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "VULHUB",
"id": "VHN-76701"
},
{
"db": "BID",
"id": "70609"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"id": "VAR-201410-1415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "VULHUB",
"id": "VHN-76701"
}
],
"trust": 1.5666666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
}
]
},
"last_update_date": "2025-04-13T23:41:27.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Network Camera",
"trust": 1.5,
"url": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20\u0026mm=2010073014092324"
},
{
"title": "Patch for Panasonic Network Camera Recorder Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51012"
},
{
"title": "hnp17a_v404R03us",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52077"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-363/"
},
{
"trust": 2.3,
"url": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20\u0026mm=2010073014092324"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8756"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8756"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70609"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
},
{
"trust": 0.1,
"url": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20\u0026amp;mm=2010073014092324"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "VULHUB",
"id": "VHN-76701"
},
{
"db": "BID",
"id": "70609"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "VULHUB",
"id": "VHN-76701"
},
{
"db": "BID",
"id": "70609"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-20T00:00:00",
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"date": "2014-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"date": "2014-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76701"
},
{
"date": "2014-10-16T00:00:00",
"db": "BID",
"id": "70609"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"date": "2014-10-17T15:55:08.963000",
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-363"
},
{
"date": "2014-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"date": "2014-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76701"
},
{
"date": "2014-10-16T00:00:00",
"db": "BID",
"id": "70609"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004963"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-598"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8756"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Network Camera Recorder Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "c49df0aa-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06972"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-598"
}
],
"trust": 0.6
}
}
VAR-201605-0348
Vulnerability from variot - Updated: 2025-04-13 23:31Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
}
],
"trust": 1.4
},
"cve": "CVE-2016-4499",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2016-03213",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"id": "CVE-2016-4499",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-4499",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4499",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4499",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"description": {
"_id": null,
"data": "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.87
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-4499",
"trust": 4.9
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-331",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-330",
"trust": 2.3
},
{
"db": "BID",
"id": "90522",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03213",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3501",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3446",
"trust": 0.7
},
{
"db": "IVD",
"id": "5565F688-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"id": "VAR-201605-0348",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
}
],
"trust": 1.06451612
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
}
]
},
"last_update_date": "2025-04-13T23:31:26.935000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75926"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61516"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-330/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-331/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-331"
},
{
"db": "ZDI",
"id": "ZDI-16-330"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "BID",
"id": "90522"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
},
{
"db": "NVD",
"id": "CVE-2016-4499"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-331",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-330",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-03213",
"ident": null
},
{
"db": "BID",
"id": "90522",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002712",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-4499",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-331",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-330",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03213",
"ident": null
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90522",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002712",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-198",
"ident": null
},
{
"date": "2016-05-12T01:59:14.857000",
"db": "NVD",
"id": "CVE-2016-4499",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-331",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-330",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03213",
"ident": null
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90522",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002712",
"ident": null
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-198",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4499",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "90522"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Panasonic FPWIN Pro Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03213"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5565f688-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-198"
}
],
"trust": 0.8
}
}
VAR-201605-0346
Vulnerability from variot - Updated: 2025-04-13 23:31Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"_id": null,
"model": "fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4497",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"id": "CVE-2016-4497",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4497",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4497",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2016-4497",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03215",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"description": {
"_id": null,
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4497"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-4497",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-334",
"trust": 2.3
},
{
"db": "BID",
"id": "90523",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3504",
"trust": 0.7
},
{
"db": "IVD",
"id": "55646FA2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"id": "VAR-201605-0346",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
}
],
"trust": 1.06451612
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
}
]
},
"last_update_date": "2025-04-13T23:31:26.894000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75924"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61518"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-334/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90523"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-334"
},
{
"db": "CNVD",
"id": "CNVD-2016-03215"
},
{
"db": "BID",
"id": "90523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
},
{
"db": "NVD",
"id": "CVE-2016-4497"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-334",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-03215",
"ident": null
},
{
"db": "BID",
"id": "90523",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002710",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-4497",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-334",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03215",
"ident": null
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90523",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002710",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-200",
"ident": null
},
{
"date": "2016-05-12T01:59:12.683000",
"db": "NVD",
"id": "CVE-2016-4497",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-334",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03215",
"ident": null
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90523",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002710",
"ident": null
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-200",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4497",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002710"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "55646fa2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-200"
}
],
"trust": 0.8
}
}
VAR-201605-0345
Vulnerability from variot - Updated: 2025-04-13 23:31Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fpwin pro",
"scope": null,
"trust": 2.8,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
}
],
"trust": 2.8
},
"cve": "CVE-2016-4496",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 4.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"id": "CVE-2016-4496",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-4496",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4496",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03208",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"description": {
"_id": null,
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4496"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 5.13
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-4496",
"trust": 6.3
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-335",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-336",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-337",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-16-333",
"trust": 2.3
},
{
"db": "BID",
"id": "90520",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03208",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3503",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3502",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3538",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3505",
"trust": 0.7
},
{
"db": "IVD",
"id": "5562C54E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"id": "VAR-201605-0345",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
}
],
"trust": 1.06451612
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
}
]
},
"last_update_date": "2025-04-13T23:31:26.840000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75932"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61519"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-337/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-333/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-336/"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-335/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90520"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-335"
},
{
"db": "ZDI",
"id": "ZDI-16-336"
},
{
"db": "ZDI",
"id": "ZDI-16-337"
},
{
"db": "ZDI",
"id": "ZDI-16-333"
},
{
"db": "CNVD",
"id": "CNVD-2016-03208"
},
{
"db": "BID",
"id": "90520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
},
{
"db": "NVD",
"id": "CVE-2016-4496"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-335",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-336",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-337",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-333",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-03208",
"ident": null
},
{
"db": "BID",
"id": "90520",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002709",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-4496",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-335",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-336",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-337",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-333",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03208",
"ident": null
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90520",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002709",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-201",
"ident": null
},
{
"date": "2016-05-12T01:59:11.620000",
"db": "NVD",
"id": "CVE-2016-4496",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-335",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-336",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-337",
"ident": null
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-333",
"ident": null
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03208",
"ident": null
},
{
"date": "2016-07-05T22:21:00",
"db": "BID",
"id": "90520",
"ident": null
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002709",
"ident": null
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-201",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4496",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "90520"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002709"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "5562c54e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-201"
}
],
"trust": 0.8
}
}
VAR-201605-0347
Vulnerability from variot - Updated: 2025-04-13 23:31Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "5.x from 7.130"
},
{
"model": "fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "5.x"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "6.x"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.6,
"vendor": "panasonic",
"version": "\u003c=7.122"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fpwin pro",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4498",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "55650ad4-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2016-4498",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4498",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4498",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2016-4498",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03214",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-199",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a local denial-of-service vulnerability. Failed attacks will cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4498"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4498",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-131-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-16-332",
"trust": 2.3
},
{
"db": "BID",
"id": "90521",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3456",
"trust": 0.7
},
{
"db": "IVD",
"id": "55650AD4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"id": "VAR-201605-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
}
],
"trust": 1.06451612
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
}
]
},
"last_update_date": "2025-04-13T23:31:26.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01"
},
{
"title": "Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03214)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75925"
},
{
"title": "Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61517"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-131-01"
},
{
"trust": 1.6,
"url": "http://zerodayinitiative.com/advisories/zdi-16-332/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/90521"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4498"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4498"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"db": "BID",
"id": "90521"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"date": "2016-05-10T00:00:00",
"db": "BID",
"id": "90521"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"date": "2016-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"date": "2016-05-12T01:59:13.730000",
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "ZDI",
"id": "ZDI-16-332"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03214"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "90521"
},
{
"date": "2016-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002711"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-199"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4498"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002711"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "55650ad4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-199"
}
],
"trust": 0.8
}
}
VAR-201507-0329
Vulnerability from variot - Updated: 2025-04-13 23:22Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code under the context of the user. The Panasonic Security API is an API interface for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "security api",
"scope": null,
"trust": 1.3,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "security api activex sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"_id": null,
"model": "security api activex sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "8.10.18"
},
{
"_id": null,
"model": "security api activex sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"_id": null,
"model": "security api",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security api activex sdk",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:security_api_activex_sdk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
}
]
},
"credits": {
"_id": null,
"data": "kernelsmith - HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 1.6
},
"cve": "CVE-2015-4648",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4648",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04200",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4648",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4648",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-4648",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04200",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-635",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"description": {
"_id": null,
"data": "Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code under the context of the user. The Panasonic Security API is an API interface for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4648"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-4648",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-15-261",
"trust": 4.0
},
{
"db": "BID",
"id": "75405",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04200",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2940",
"trust": 0.7
},
{
"db": "IVD",
"id": "859E78F2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"id": "VAR-201507-0329",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
],
"trust": 1.3833333
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
]
},
"last_update_date": "2025-04-13T23:22:27.934000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SDK(PS-API)",
"trust": 0.8,
"url": "http://security.panasonic.com/pss/security/library/developer.html#SDK"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.#SDK",
"trust": 0.7,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"title": "Patch for Panasonic Security API Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60294"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-261/"
},
{
"trust": 1.9,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75405"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4648"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4648"
},
{
"trust": 0.7,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-261"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-261"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
},
{
"db": "BID",
"id": "75405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
},
{
"db": "NVD",
"id": "CVE-2015-4648"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-15-261",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-04200",
"ident": null
},
{
"db": "BID",
"id": "75405",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003463",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-4648",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-261",
"ident": null
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04200",
"ident": null
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75405",
"ident": null
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003463",
"ident": null
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-635",
"ident": null
},
{
"date": "2015-07-06T14:59:05.203000",
"db": "NVD",
"id": "CVE-2015-4648",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-261",
"ident": null
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04200",
"ident": null
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75405",
"ident": null
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003463",
"ident": null
},
{
"date": "2015-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-635",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4648",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Panasonic Security API Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04200"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "859e78f2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-635"
}
],
"trust": 0.8
}
}
VAR-201507-0328
Vulnerability from variot - Updated: 2025-04-13 23:18Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the GetStringInfo method. By passing a large string to the method, an attacker can cause a fixed-length stack buffer to overflow. An attacker could leverage this vulnerability to execute code under the context of the current process. The Panasonic Security API SDK is an API interface development kit (SDK) for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security api",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "security api activex sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api activex sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "panasonic",
"version": "8.10.18"
},
{
"model": "security api sdk",
"scope": null,
"trust": 0.6,
"vendor": "panasonic",
"version": null
},
{
"model": "security api activex sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.10.14"
},
{
"model": "security api",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security api activex sdk",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:security_api_activex_sdk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 2.3
},
"cve": "CVE-2015-4647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4647",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4647",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04199",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "859ac086-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-4647",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4647",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4647",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-04199",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-636",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the GetStringInfo method. By passing a large string to the method, an attacker can cause a fixed-length stack buffer to overflow. An attacker could leverage this vulnerability to execute code under the context of the current process. The Panasonic Security API SDK is an API interface development kit (SDK) for a webcam from Matsushita Electric Industrial Co., Ltd., Japan. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4647"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4647",
"trust": 4.9
},
{
"db": "ZDI",
"id": "ZDI-15-260",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-15-259",
"trust": 3.4
},
{
"db": "BID",
"id": "75409",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04199",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2752",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2753",
"trust": 0.7
},
{
"db": "IVD",
"id": "859AC086-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"id": "VAR-201507-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
],
"trust": 1.59166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
]
},
"last_update_date": "2025-04-13T23:18:05.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.#SDK",
"trust": 1.4,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"title": "SDK(PS-API)",
"trust": 0.8,
"url": "http://security.panasonic.com/pss/security/library/developer.html#SDK"
},
{
"title": "Patch for Panasonic Security API SDK Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60296"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-260/"
},
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-259/"
},
{
"trust": 1.9,
"url": "http://security.panasonic.com/pss/security/library/developer.html#sdk"
},
{
"trust": 1.4,
"url": "http://security.panasonic.com/pss/security/library/developer.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/75409"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4647"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4647"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-260"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"db": "BID",
"id": "75409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75409"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"date": "2015-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"date": "2015-07-06T14:59:04.313000",
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-260"
},
{
"date": "2015-06-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-259"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04199"
},
{
"date": "2015-06-24T00:00:00",
"db": "BID",
"id": "75409"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003462"
},
{
"date": "2015-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-636"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Security API SDK Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04199"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "859ac086-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-636"
}
],
"trust": 0.8
}
}
VAR-201501-0672
Vulnerability from variot - Updated: 2025-04-13 23:04Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Panasonic Provided by Arbitrator Back-End Server (BES) Vulnerability that does not encrypt communication between client and server (CWE-319) Exists. By this vulnerability Active Directory And other sensitive information have been reported to be leaked. CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.htmlThird parties may obtain confidential information. Panasonic Arbitrator is a surveillance camera application. This may result in further attacks. Panasonic Arbitrator is a high-definition car digital video recording system produced by Panasonic Corporation of Japan. There is a security flaw in Panasonic Arbitrator's BES, which is caused by the program not using encryption algorithms
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": "arbitrator back-end server mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "9.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "arbitrator mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using direct lan"
},
{
"model": "arbitrator mk 2.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using usb wi-fi"
},
{
"model": "arbitrator mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using direct lan"
},
{
"model": "arbitrator mk 3.0 vpu",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "using embedded wi-fi"
},
{
"model": "arbitrator build",
"scope": "lt",
"trust": 0.6,
"vendor": "panasonic",
"version": "9.3.14.08.003.0"
},
{
"model": "mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.0"
},
{
"model": "mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.0"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.09.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.0-"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.09.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "2.0-"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.2,
"vendor": "panasonic",
"version": "2.0\u003c=9.3.1"
},
{
"model": "arbitrator back-end server mk vpu",
"scope": "eq",
"trust": 0.2,
"vendor": "panasonic",
"version": "3.0\u003c=9.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:panasonic:arbitrator_back-end_server_mk_2.0_vpu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:arbitrator_back-end_server_mk_3.0_vpu",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "BID",
"id": "72058"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9596",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-001038",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00396",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77541",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9596",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-001038",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-319",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77541",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Panasonic Provided by Arbitrator Back-End Server (BES) Vulnerability that does not encrypt communication between client and server (CWE-319) Exists. By this vulnerability Active Directory And other sensitive information have been reported to be leaked. CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.htmlThird parties may obtain confidential information. Panasonic Arbitrator is a surveillance camera application. This may result in further attacks. Panasonic Arbitrator is a high-definition car digital video recording system produced by Panasonic Corporation of Japan. There is a security flaw in Panasonic Arbitrator\u0027s BES, which is caused by the program not using encryption algorithms",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9596"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-77541"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#117604",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2014-9596",
"trust": 3.6
},
{
"db": "BID",
"id": "72058",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00396",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96405828",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038",
"trust": 0.8
},
{
"db": "BID",
"id": "77722",
"trust": 0.4
},
{
"db": "IVD",
"id": "A97CBBF8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77541",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"id": "VAR-201501-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
}
]
},
"last_update_date": "2025-04-13T23:04:36.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Arbitrator 360\u00b0 Important Security Update",
"trust": 0.8,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026id=21f059b3ab"
},
{
"title": "Patch for Panasonic Arbitrator Back-End Server (BES) Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54057"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026id=21f059b3ab"
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/117604"
},
{
"trust": 1.4,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9596"
},
{
"trust": 1.1,
"url": "http://www.panasonic.com/business/arbitrator/index.asp"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9596"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96405828/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72058"
},
{
"trust": 0.1,
"url": "http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef\u0026amp;id=21f059b3ab"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#117604"
},
{
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"db": "VULHUB",
"id": "VHN-77541"
},
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-19T00:00:00",
"db": "IVD",
"id": "a97cbbf8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#117604"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"date": "2015-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-77541"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72058"
},
{
"date": "2015-01-15T00:00:00",
"db": "BID",
"id": "77722"
},
{
"date": "2015-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"date": "2015-01-15T23:59:00.053000",
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#117604"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00396"
},
{
"date": "2015-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-77541"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72058"
},
{
"date": "2015-01-15T00:00:00",
"db": "BID",
"id": "77722"
},
{
"date": "2015-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001038"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-319"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "72058"
},
{
"db": "BID",
"id": "77722"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication",
"sources": [
{
"db": "CERT/CC",
"id": "VU#117604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-319"
}
],
"trust": 0.6
}
}
VAR-201410-0978
Vulnerability from variot - Updated: 2025-04-13 21:46Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. An attacker can leverage this vulnerability to execute code under the context of the current process. Panasonic Network Camera View is a webcam viewing app. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "network camera view",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "4.0"
},
{
"_id": null,
"model": "network camera view",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.0"
},
{
"_id": null,
"model": "network camera view",
"scope": "eq",
"trust": 1.4,
"vendor": "panasonic",
"version": "3"
},
{
"_id": null,
"model": "network camera view",
"scope": "eq",
"trust": 1.4,
"vendor": "panasonic",
"version": "4"
},
{
"_id": null,
"model": "network camera view",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network camera view",
"version": "3.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "network camera view",
"version": "4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:panasonic:network_camera_view",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-364"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8755",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8755",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8755",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07344",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-76700",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8755",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8755",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-8755",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-07344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-597",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76700",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"description": {
"_id": null,
"data": "Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to \"the ability to nullify an arbitrary address in memory.\". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. An attacker can leverage this vulnerability to execute code under the context of the current process. Panasonic Network Camera View is a webcam viewing app. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8755"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76700"
}
],
"trust": 3.33
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-8755",
"trust": 4.4
},
{
"db": "ZDI",
"id": "ZDI-14-364",
"trust": 3.8
},
{
"db": "BID",
"id": "70593",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-07344",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2357",
"trust": 0.7
},
{
"db": "IVD",
"id": "C4A09E04-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76700",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"id": "VAR-201410-0978",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
}
]
},
"last_update_date": "2025-04-13T21:46:23.237000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Update for Network Camera View 3,4",
"trust": 1.5,
"url": "http://security.panasonic.com/pss/security/library/howto_update_NCV.html"
},
{
"title": "Panasonic Network Camera View WebVideoCam ActiveX Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51309"
},
{
"title": "nwcv_3_4_update",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52078"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-364/"
},
{
"trust": 2.4,
"url": "http://security.panasonic.com/pss/security/library/howto_update_ncv.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8755"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8755"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "ZDI",
"id": "ZDI-14-364"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "VULHUB",
"id": "VHN-76700"
},
{
"db": "BID",
"id": "70593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
},
{
"db": "NVD",
"id": "CVE-2014-8755"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "OTHER",
"id": null,
"ident": null
},
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-364",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-07344",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-76700",
"ident": null
},
{
"db": "BID",
"id": "70593",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004962",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-8755",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-10-24T00:00:00",
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-364",
"ident": null
},
{
"date": "2014-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07344",
"ident": null
},
{
"date": "2014-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76700",
"ident": null
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70593",
"ident": null
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004962",
"ident": null
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-597",
"ident": null
},
{
"date": "2014-10-17T15:55:08.430000",
"db": "NVD",
"id": "CVE-2014-8755",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "ZDI",
"id": "ZDI-14-364",
"ident": null
},
{
"date": "2014-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07344",
"ident": null
},
{
"date": "2014-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-76700",
"ident": null
},
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "70593",
"ident": null
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004962",
"ident": null
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-597",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8755",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Panasonic Network Camera View WebVideoCam ActiveX Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07344"
},
{
"db": "BID",
"id": "70593"
}
],
"trust": 1.1
},
"type": {
"_id": null,
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c4a09e04-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-597"
}
],
"trust": 0.8
}
}
VAR-200808-0313
Vulnerability from variot - Updated: 2025-04-10 22:03Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script could be executed on the user's web browser. Panasonic Network Cameras are prone to multiple cross-site scripting vulnerabilities because the devices fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following versions of Panasonic Network Cameras are vulnerable: BL-C111 Ver.3.14R02 and prior BL-C131 Ver.3.14R03 and prior BB-HCM511 Ver.3.20R01 and prior BB-HCM531 Ver.3.20R01 and prior BB-HCM580 Ver.3.21R00 and prior BB-HCM581 Ver.3.21R00 and prior BB-HCM527 Ver.3.30R00 and prior BB-HCM515 Ver.3.20R01 and prior.
Input passed to unspecified parameters in the error page is not properly sanitised before being returned to the user.
The vulnerability is reported in the following products and versions: * BL-C111 Ver.3.14R02 and earlier * BL-C131 Ver.3.14R03 and earlier * BB-HCM511 Ver.3.20R01 and earlier * BB-HCM531 Ver.3.20R01 and earlier * BB-HCM580 Ver.3.21R00 and earlier * BB-HCM581 Ver.3.21R00 and earlier * BB-HCM527 Ver.3.30R00 and earlier * BB-HCM515 Ver.3.20R01 and earlier
SOLUTION: Reportedly, a fixed firmware version is available. Contact the vendor for details.
PROVIDED AND/OR DISCOVERED BY: NetAgent Co., Ltd.
ORIGINAL ADVISORY: http://jvn.jp/en/jp/JVN33706820/index.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bb hcm527",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.30"
},
{
"model": "bb hcm511",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "bb hcm580",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.21"
},
{
"model": "bl c131",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.14"
},
{
"model": "bb hcm531",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "bb hcm581",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.21"
},
{
"model": "bl c111",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.14"
},
{
"model": "bb hcm515",
"scope": "eq",
"trust": 1.6,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "bb-hcm511",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.20r01"
},
{
"model": "bb-hcm515",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.20r01"
},
{
"model": "bb-hcm527",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.30r00"
},
{
"model": "bb-hcm531",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.20r01"
},
{
"model": "bb-hcm580",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.21r00"
},
{
"model": "bb-hcm581",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.21r00"
},
{
"model": "bl-c111",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.14r02"
},
{
"model": "bl-c131",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "ver.3.14r03"
},
{
"model": "bl c131 r03",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.14"
},
{
"model": "bl c111 r02",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.14"
},
{
"model": "bb hcm581 r00",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.21"
},
{
"model": "bb hcm580 r00",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.21"
},
{
"model": "bb hcm531 r01",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "bb hcm527 r01",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.30"
},
{
"model": "bb hcm515 r01",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "bb hcm511 r01",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "3.20"
},
{
"model": "network camera bl-c131 3.14r03",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bl-c111 3.14r02",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm581 3.21r00",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm580 3.21r00",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm531 3.20r01",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm527 3.30r00",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm515 3.20r01",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": "network camera bb-hcm511 3.20r01",
"scope": null,
"trust": 0.3,
"vendor": "panasonic",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm511",
"version": "3.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm515",
"version": "3.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm527",
"version": "3.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm531",
"version": "3.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm580",
"version": "3.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bb hcm581",
"version": "3.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bl c111",
"version": "3.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bl c131",
"version": "3.14"
}
],
"sources": [
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm511",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm515",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm527",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm531",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm580",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bb_hcm581",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bl_c111",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:panasonic:bl_c131",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "80983"
}
],
"trust": 0.3
},
"cve": "CVE-2008-3482",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-3482",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2008-000037",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "72adea44-23cd-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3482",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2008-000037",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script could be executed on the user\u0027s web browser. Panasonic Network Cameras are prone to multiple cross-site scripting vulnerabilities because the devices fails to properly sanitize user-supplied input before using it in dynamically generated content. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nThe following versions of Panasonic Network Cameras are vulnerable:\nBL-C111 Ver.3.14R02 and prior\nBL-C131 Ver.3.14R03 and prior\nBB-HCM511 Ver.3.20R01 and prior\nBB-HCM531 Ver.3.20R01 and prior\nBB-HCM580 Ver.3.21R00 and prior\nBB-HCM581 Ver.3.21R00 and prior\nBB-HCM527 Ver.3.30R00 and prior\nBB-HCM515 Ver.3.20R01 and prior. \n\nInput passed to unspecified parameters in the error page is not\nproperly sanitised before being returned to the user. \n\nThe vulnerability is reported in the following products and\nversions:\n* BL-C111 Ver.3.14R02 and earlier\n* BL-C131 Ver.3.14R03 and earlier\n* BB-HCM511 Ver.3.20R01 and earlier\n* BB-HCM531 Ver.3.20R01 and earlier\n* BB-HCM580 Ver.3.21R00 and earlier\n* BB-HCM581 Ver.3.21R00 and earlier\n* BB-HCM527 Ver.3.30R00 and earlier\n* BB-HCM515 Ver.3.20R01 and earlier\n\nSOLUTION:\nReportedly, a fixed firmware version is available. Contact the vendor\nfor details. \n\nPROVIDED AND/OR DISCOVERED BY:\nNetAgent Co., Ltd. \n\nORIGINAL ADVISORY:\nhttp://jvn.jp/en/jp/JVN33706820/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3482"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
},
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "68704"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2008-000037",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN33706820",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2008-3482",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "31304",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2257",
"trust": 1.6
},
{
"db": "XF",
"id": "44118",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#33706820",
"trust": 0.6
},
{
"db": "BID",
"id": "80983",
"trust": 0.3
},
{
"db": "BID",
"id": "30460",
"trust": 0.3
},
{
"db": "IVD",
"id": "72ADEA44-23CD-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68704",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "PACKETSTORM",
"id": "68704"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"id": "VAR-200808-0313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
}
],
"trust": 0.03
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2025-04-10T22:03:53.863000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Network Camera",
"trust": 0.8,
"url": "http://panasonic.net/pcc/support/netwkcam/support/info_xss.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn33706820/index.html"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/31304"
},
{
"trust": 1.9,
"url": "http://panasonic.net/pcc/support/netwkcam/support/info_xss.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/contents/ja/2008/jvndb-2008-000037.html"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2257/references"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44118"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/44118"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3482"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2257"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2008/jvndb-2008-000037.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3482"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2257/references"
},
{
"trust": 0.3,
"url": "http://panasonic.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19396/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31304/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19397/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "PACKETSTORM",
"id": "68704"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"db": "PACKETSTORM",
"id": "68704"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-05T00:00:00",
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"date": "2008-08-05T00:00:00",
"db": "BID",
"id": "80983"
},
{
"date": "2008-07-31T00:00:00",
"db": "BID",
"id": "30460"
},
{
"date": "2008-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"date": "2008-07-31T22:52:54",
"db": "PACKETSTORM",
"id": "68704"
},
{
"date": "2008-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"date": "2008-08-05T20:41:00",
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-05T00:00:00",
"db": "BID",
"id": "80983"
},
{
"date": "2008-07-31T20:07:00",
"db": "BID",
"id": "30460"
},
{
"date": "2008-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-000037"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-053"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-3482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "80983"
},
{
"db": "BID",
"id": "30460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic NetworkCamera Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "72adea44-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "68704"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-053"
}
],
"trust": 0.7
}
}
VAR-202101-0140
Vulnerability from variot - Updated: 2024-11-23 23:04FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fpwin pro",
"scope": "lt",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.5.0.1"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 7.5.0.0"
},
{
"_id": null,
"model": "control fpwin pro",
"scope": null,
"trust": 0.7,
"vendor": "panasonic",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
}
],
"trust": 0.7
},
"cve": "CVE-2020-16236",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-16236",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-16236",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-001002",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-16236",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16236",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-001002",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-16236",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"description": {
"_id": null,
"data": "FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-16236",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-005-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92365365",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11579",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-068",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0048",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16236",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"id": "VAR-202101-0140",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26451612
},
"last_update_date": "2024-11-23T23:04:07.841000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Programming Software Control FPWIN Pro",
"trust": 0.8,
"url": "https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138391"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92365365"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16236"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0048/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194260"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-068"
},
{
"db": "VULMON",
"id": "CVE-2020-16236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
},
{
"db": "NVD",
"id": "CVE-2020-16236"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-068",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-16236",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-236",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-16236",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068",
"ident": null
},
{
"date": "2021-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236",
"ident": null
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"ident": null
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236",
"ident": null
},
{
"date": "2021-01-26T18:15:39.787000",
"db": "NVD",
"id": "CVE-2020-16236",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-21-068",
"ident": null
},
{
"date": "2021-01-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16236",
"ident": null
},
{
"date": "2021-01-07T07:38:38",
"db": "JVNDB",
"id": "JVNDB-2021-001002",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-236",
"ident": null
},
{
"date": "2024-11-21T05:06:59.873000",
"db": "NVD",
"id": "CVE-2020-16236",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Made by Panasonic FPWIN Pro Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001002"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-236"
}
],
"trust": 0.6
}
}
VAR-201901-0829
Vulnerability from variot - Updated: 2024-11-23 22:45An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428). Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. PanasonicPC is a computer device from Matsushita Electric Industrial Co., Ltd. of Japan. An attacker could exploit the vulnerability to execute files with elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pc windows",
"scope": "eq",
"trust": 1.2,
"vendor": "panasonic",
"version": "7"
},
{
"model": "system interface device 0040",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "system interface device 0021",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "multiple computers",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8"
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "8.1"
},
{
"model": "pc windows",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:multiple_computers",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
}
]
},
"cve": "CVE-2018-16183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-16183",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000123",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-24473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-16183",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000123",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16183",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2018-000123",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-24473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-917",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428). Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. PanasonicPC is a computer device from Matsushita Electric Industrial Co., Ltd. of Japan. An attacker could exploit the vulnerability to execute files with elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16183"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16183",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN36895151",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2018-24473",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"id": "VAR-201901-0829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
}
]
},
"last_update_date": "2024-11-23T22:45:06.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Remediate Service Path Vulnerability Utility (V1.00L10 M02) Panasonic PC in which Windows 10, Windows 8.1, Windows 8 and Windows 7 are pre-installed",
"trust": 0.8,
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
},
{
"title": "PanasonicPC registers patches for non-referenced service path vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/146105"
},
{
"title": "Panasonic PC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://jvn.jp/en/jp/jvn36895151/index.html"
},
{
"trust": 1.6,
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16183"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000123.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"date": "2018-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"date": "2018-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"date": "2019-01-09T23:29:03.967000",
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24473"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000123"
},
{
"date": "2019-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-917"
},
{
"date": "2024-11-21T03:52:14.567000",
"db": "NVD",
"id": "CVE-2018-16183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic applications register unquoted service paths",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-917"
}
],
"trust": 0.6
}
}
VAR-201911-0447
Vulnerability from variot - Updated: 2024-11-23 22:41The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 600 Android The device is vulnerable to a lack of authentication.Information may be tampered with. The Panasonic Eluga Ray 600 is a smart phone from Japan's Panasonic. An attacker could use this vulnerability to modify system properties
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga ray 600",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray 600",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:eluga_ray_600_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
}
]
},
"cve": "CVE-2019-15378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15378",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-15378",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15378",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15378",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-15378",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-15996",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-877",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 600 Android The device is vulnerable to a lack of authentication.Information may be tampered with. The Panasonic Eluga Ray 600 is a smart phone from Japan\u0027s Panasonic. An attacker could use this vulnerability to modify system properties",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15378"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15378",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15996",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"id": "VAR-201911-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
}
]
},
"last_update_date": "2024-11-23T22:41:18.259000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Eluga Ray 600",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-ray-600"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15378"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"date": "2019-11-14T17:15:18.287000",
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"date": "2019-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012493"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-877"
},
{
"date": "2024-11-21T04:28:35.147000",
"db": "NVD",
"id": "CVE-2019-15378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Eluga Ray 600 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15996"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-877"
}
],
"trust": 0.6
}
}
VAR-201911-0545
Vulnerability from variot - Updated: 2024-11-23 22:21The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. Panasonic ELUGA_I9 Android Device contains an externally controllable reference vulnerability to another area resourceInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Panasonic ELUGA_I9 is a smart phone from Japan's Panasonic Corporation.
Panasonic ELUGA_I9 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0545",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga i9",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga i9",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:eluga_i9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
}
]
},
"cve": "CVE-2019-15429",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15429",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16017",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-15429",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15429",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15429",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15429",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-931",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. Panasonic ELUGA_I9 Android Device contains an externally controllable reference vulnerability to another area resourceInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Panasonic ELUGA_I9 is a smart phone from Japan\u0027s Panasonic Corporation. \n\r\n\r\nPanasonic ELUGA_I9 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15429"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15429",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-16017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"id": "VAR-201911-0545",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
}
]
},
"last_update_date": "2024-11-23T22:21:24.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ELUGA I9",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-i9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15429"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"date": "2019-11-14T17:15:21.757000",
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012299"
},
{
"date": "2020-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-931"
},
{
"date": "2024-11-21T04:28:42.617000",
"db": "NVD",
"id": "CVE-2019-15429"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic ELUGA_I9 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16017"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-931"
}
],
"trust": 0.6
}
}
VAR-201906-0209
Vulnerability from variot - Updated: 2024-11-23 22:16Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": null,
"trust": 2.1,
"vendor": "panasonic",
"version": null
},
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
}
],
"trust": 2.1
},
"cve": "CVE-2019-6532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6532",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-6532",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6532",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6532",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. Panasonic FPWIN Pro Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6532",
"trust": 4.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-568",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-570",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-566",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7851",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7850",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7849",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"id": "VAR-201906-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26451612
},
"last_update_date": "2024-11-23T22:16:59.547000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93360"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "CWE-704",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-570/"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-568/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-566/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6532"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6532"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"date": "2019-06-07T14:29:00.480000",
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-570"
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-566"
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005356"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-279"
},
{
"date": "2024-11-21T04:46:38.490000",
"db": "NVD",
"id": "CVE-2019-6532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Control FPWIN Pro Project File Parsing sc_obj Type Confusion Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-568"
},
{
"db": "ZDI",
"id": "ZDI-19-570"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-279"
}
],
"trust": 0.6
}
}
VAR-201906-0208
Vulnerability from variot - Updated: 2024-11-23 22:16Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "control fpwin pro",
"scope": null,
"trust": 1.4,
"vendor": "panasonic",
"version": null
},
{
"_id": null,
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"_id": null,
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"_id": null,
"model": "control fpwin pro",
"scope": "eq",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.0.0"
},
{
"_id": null,
"model": "control fpwin pro",
"scope": "ne",
"trust": 0.3,
"vendor": "panasonic",
"version": "7.3.1.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:panasonic:fpwin_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
}
]
},
"credits": {
"_id": null,
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
}
],
"trust": 1.4
},
"cve": "CVE-2019-6530",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6530",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-6530",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6530",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6530",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"description": {
"_id": null,
"data": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. \nPanasonic FPWIN Pro Version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
}
],
"trust": 3.15
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-6530",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-157-02",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-19-565",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-567",
"trust": 2.3
},
{
"db": "BID",
"id": "108683",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7848",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"id": "VAR-201906-0208",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26451612
},
"last_update_date": "2024-11-23T22:16:59.508000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Panasonic has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
},
{
"title": "FPWIN Pro",
"trust": 0.8,
"url": "https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm"
},
{
"title": "Panasonic FPWIN Pro Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93362"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-157-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108683"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-567/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-565/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6530"
},
{
"trust": 0.9,
"url": "http://panasonic.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2044/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-565"
},
{
"db": "ZDI",
"id": "ZDI-19-567"
},
{
"db": "BID",
"id": "108683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
},
{
"db": "NVD",
"id": "CVE-2019-6530"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-565",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-567",
"ident": null
},
{
"db": "BID",
"id": "108683",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-6530",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565",
"ident": null
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567",
"ident": null
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683",
"ident": null
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"ident": null
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281",
"ident": null
},
{
"date": "2019-06-07T14:29:00.400000",
"db": "NVD",
"id": "CVE-2019-6530",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-565",
"ident": null
},
{
"date": "2019-06-13T00:00:00",
"db": "ZDI",
"id": "ZDI-19-567",
"ident": null
},
{
"date": "2019-06-06T00:00:00",
"db": "BID",
"id": "108683",
"ident": null
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005355",
"ident": null
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-281",
"ident": null
},
{
"date": "2024-11-21T04:46:38.260000",
"db": "NVD",
"id": "CVE-2019-6530",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Panasonic FPWIN Pro Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005355"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-281"
}
],
"trust": 0.6
}
}
VAR-201911-0541
Vulnerability from variot - Updated: 2024-11-23 22:11The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 530 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Panasonic Eluga Ray 530 is a smart phone from Japan's Panasonic. An attacker could use this vulnerability to modify system properties
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eluga ray 530",
"scope": "eq",
"trust": 1.0,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray 530",
"scope": null,
"trust": 0.8,
"vendor": "panasonic",
"version": null
},
{
"model": "eluga ray",
"scope": "eq",
"trust": 0.6,
"vendor": "panasonic",
"version": "530"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:eluga_ray_530_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
}
]
},
"cve": "CVE-2019-15376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15376",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-15994",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-15376",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-15376",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-15994",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-878",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 530 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Panasonic Eluga Ray 530 is a smart phone from Japan\u0027s Panasonic. An attacker could use this vulnerability to modify system properties",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15376",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15994",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"id": "VAR-201911-0541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
}
]
},
"last_update_date": "2024-11-23T22:11:46.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ELUGA RAY 530",
"trust": 0.8,
"url": "https://mobile.panasonic.com/in/smartphones/eluga-ray-530"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.kryptowire.com/android-firmware-2019/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15376"
},
{
"trust": 1.6,
"url": "https://mobile.panasonic.com/in/advisory"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"date": "2019-11-14T17:15:18.147000",
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"date": "2019-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012172"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-878"
},
{
"date": "2024-11-21T04:28:34.870000",
"db": "NVD",
"id": "CVE-2019-15376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic Eluga Ray 530 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15994"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-878"
}
],
"trust": 0.6
}
}
VAR-201901-0728
Vulnerability from variot - Updated: 2024-11-23 22:00Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0728",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:bn-sdwbp3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
]
},
"cve": "CVE-2018-0678",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2018-0678",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-118880",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-0678",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0678",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-267",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118880",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0678"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118880"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0678",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118880",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"id": "VAR-201901-0728",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:09.287000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_US"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88450"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118880"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"date": "2019-01-09T23:29:01.903000",
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118880"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-267"
},
{
"date": "2024-11-21T03:38:43.503000",
"db": "NVD",
"id": "CVE-2018-0678"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-267"
}
],
"trust": 0.6
}
}
VAR-201901-0727
Vulnerability from variot - Updated: 2024-11-23 22:00BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0727",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:bn-sdwbp3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
]
},
"cve": "CVE-2018-0677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2018-0677",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-118879",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-0677",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0677",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-266",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118879",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0677"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118879"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0677",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118879",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"id": "VAR-201901-0727",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:09.262000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_US"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88449"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118879"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"date": "2019-01-09T23:29:01.857000",
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118879"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-266"
},
{
"date": "2024-11-21T03:38:43.383000",
"db": "NVD",
"id": "CVE-2018-0677"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-266"
}
],
"trust": 0.6
}
}
VAR-201901-0726
Vulnerability from variot - Updated: 2024-11-23 22:00BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An authorization issue vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0726",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "1.0.9"
},
{
"model": "bn-sdwbp3",
"scope": "lte",
"trust": 0.8,
"vendor": "panasonic",
"version": "version 1.0.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:panasonic:bn-sdwbp3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
]
},
"cve": "CVE-2018-0676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-0676",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-118878",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0676",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000122",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 1.6,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2018-000122",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An authorization issue vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0676"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "VULHUB",
"id": "VHN-118878"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN65082538",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0676",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"id": "VAR-201901-0726",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:09.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Panasonic Wi-Fi Card reader - App Store",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
},
{
"title": "Panasonic Wi-Fi Card reader - Google Play",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_US"
},
{
"title": "Panasonic Corporation website",
"trust": 0.8,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"title": "Panasonic BN-SDWBP3 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88448"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn65082538/index.html"
},
{
"trust": 1.6,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
},
{
"trust": 0.1,
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118878"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"date": "2019-01-09T23:29:01.793000",
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-118878"
},
{
"date": "2019-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000122"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-265"
},
{
"date": "2024-11-21T03:38:43.257000",
"db": "NVD",
"id": "CVE-2018-0676"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-265"
}
],
"trust": 0.6
}
}
VAR-202312-1096
Vulnerability from variot - Updated: 2024-09-25 23:21Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.7.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"cve": "CVE-2023-6315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-6315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-6315",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-6315",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
},
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6315",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"id": "VAR-202312-1096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26451612
},
"last_update_date": "2024-09-25T23:21:04.720000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T01:15:12.310000",
"db": "NVD",
"id": "CVE-2023-6315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-25T01:36:48.463000",
"db": "NVD",
"id": "CVE-2023-6315"
}
]
}
}
VAR-202307-1941
Vulnerability from variot - Updated: 2024-08-14 15:41A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control fpwin pro",
"scope": "lte",
"trust": 1.0,
"vendor": "panasonic",
"version": "7.6.0.3"
},
{
"model": "fpwin pro",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "7 ver. 7.6.0.3 and earlier"
},
{
"model": "fpwin pro",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d1\u30ca\u30bd\u30cb\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"cve": "CVE-2023-28728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-28728",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "product-security@gg.jp.panasonic.com",
"id": "CVE-2023-28728",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "VULMON",
"id": "CVE-2023-28728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28728",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU96622721",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-192-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"id": "VAR-202307-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26451612
},
"last_update_date": "2024-08-14T15:41:40.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "software \u00a0\u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 download Panasonic",
"trust": 0.8,
"url": "https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359"
},
{
"title": "Panasonic Control FPWIN Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Mistake of type (CWE-843) [ others ]",
"trust": 0.8
},
{
"problemtype": " Buffer error (CWE-119) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96622721/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28729"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28728/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-21T07:15:09.707000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28728"
},
{
"date": "2024-04-18T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002906"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1800"
},
{
"date": "2023-07-31T20:58:56.437000",
"db": "NVD",
"id": "CVE-2023-28728"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Panasonic\u00a0 Made \u00a0Control\u00a0FPWIN\u00a0Pro7\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1800"
}
],
"trust": 0.6
}
}