CVE-2016-4498 – Panasonic FPWIN Pro CPlcSetting::Load Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4498
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference.
• http://www.securityfocus.com/bid/90521
• http://zerodayinitiative.com/advisories/ZDI-16-332
• https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
• CWE-20: Improper Input Validation
CVE-2016-4497 – Panasonic FPWIN Pro DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4497
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap.
• http://www.securityfocus.com/bid/90523
• http://zerodayinitiative.com/advisories/ZDI-16-334
• https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
• CWE-20: Improper Input Validation
CVE-2016-4496 – Panasonic FPWIN Pro SCTASK Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4496
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of a project file. A specially-crafted project file will lead to the construction of an SCTASK object followed by writes to the object that are outside its bounds.
• http://www.securityfocus.com/bid/90520
• http://zerodayinitiative.com/advisories/ZDI-16-333
• http://zerodayinitiative.com/advisories/ZDI-16-335
• http://zerodayinitiative.com/advisories/ZDI-16-336
• http://zerodayinitiative.com/advisories/ZDI-16-337
• https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4499 – Panasonic FPWIN Pro GetBlock Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4499
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the GetBlock method of the HEAPSTREAM object.
• http://www.securityfocus.com/bid/90522
• http://zerodayinitiative.com/advisories/ZDI-16-330
• http://zerodayinitiative.com/advisories/ZDI-16-331
• https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer