
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. • https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Panasonic FPWIN Pro, all versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing the software. • https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

FPWIN Pro is vulnerable to an out-of-bounds read when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panasonic Control FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user, triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. • http://www.securityfocus.com/bid/108683 • https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 • https://www.zerodayinitiative.com/advisories/ZDI-19-566 • https://www.zerodayinitiative.com/advisories/ZDI-19-568 • https://www.zerodayinitiative.com/advisories/ZDI-19-570 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 7.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user, causing heap-based buffer overflows, which may lead to remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • http://www.securityfocus.com/bid/108683 • https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 • https://www.zerodayinitiative.com/advisories/ZDI-19-565 • https://www.zerodayinitiative.com/advisories/ZDI-19-567 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write