7.3.0.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

panasonic

CWE-787

NVD

Published: 2019-06-07

Updated: 2020-10-16

Summary

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Panasonic Panasonic Control Fpwin PRO 6.414 Panasonic Control Fpwin PRO 7.3.0.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
http://www.securityfocus.com/bid/108683
https://www.zerodayinitiative.com/advisories/ZDI-19-567/
https://www.zerodayinitiative.com/advisories/ZDI-19-565/