CVE-2019-6530 – Panasonic Control FPWIN PRO Project File Parsing sc_app Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-6530

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro, versión 7.3.0.0 y anteriores permite que los archivos de proyecto creados por el atacante sean cargados por un usuario autorizado causando desbordamientos de búfer en la región heap de la memoria, lo que puede conducir a la ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • http://www.securityfocus.com/bid/108683 https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 https://www.zerodayinitiative.com/advisories/ZDI-19-565 https://www.zerodayinitiative.com/advisories/ZDI-19-567 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •