Vulnerabilities > CVE-2019-6532 - Incorrect Type Conversion or Cast vulnerability in Panasonic Control Fpwin PRO

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

panasonic

CWE-704

NVD

Published: 2019-06-07

Updated: 2019-06-13

Summary

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Panasonic Panasonic Control Fpwin PRO *	1

Common Weakness Enumeration (CWE)

CWE-704 - Incorrect Type Conversion or Cast

References

http://www.securityfocus.com/bid/108683
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
https://www.zerodayinitiative.com/advisories/ZDI-19-566/
https://www.zerodayinitiative.com/advisories/ZDI-19-568/
https://www.zerodayinitiative.com/advisories/ZDI-19-570/