Details of VAR-201605-0345

ID

VAR-201605-0345

CVE

CVE-2016-4496

TITLE

Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002709

DESCRIPTION

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to a multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 5.13

sources: NVD: CVE-2016-4496 // JVNDB: JVNDB-2016-002709 // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // IVD: 5562c54e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03208

AFFECTED PRODUCTS

vendor:	panasonic	model:	fpwin pro	scope:	-	version:	-	Trust: 2.8
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	-	Trust: 1.6
vendor:	panasonic	model:	fpwin pro	scope:	lt	version:	7.x	Trust: 0.8
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	5.x from 7.130	Trust: 0.8
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	5.x	Trust: 0.6
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	6.x	Trust: 0.6
vendor:	panasonic	model:	fpwin pro	scope:	lte	version:	<=7.122	Trust: 0.6
vendor:	fpwin pro	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-4496
value:	MEDIUM
Trust: 2.8
nvd@nist.gov:	CVE-2016-4496
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-4496
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-03208
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-201
value:	MEDIUM
Trust: 0.6
IVD:	5562c54e-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2016-4496
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 4.6
CNVD:	CNVD-2016-03208
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5562c54e-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-4496
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.4
version:	3.0
Trust: 1.8

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-002709 // NVD: CVE-2016-4496

THREAT TYPE

local

Trust: 0.9

sources: BID: 90520 // CNNVD: CNNVD-201605-201

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-201

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002709

PATCH

title:	Panasonic has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01	Trust: 2.8
title:	FPWIN Pro	url:	https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm	Trust: 0.8
title:	Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)	url:	https://www.cnvd.org.cn/patchInfo/show/75932	Trust: 0.6
title:	Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61519	Trust: 0.6

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4496	Trust: 6.3
db:	ICS CERT	id:	ICSA-16-131-01	Trust: 3.0
db:	ZDI	id:	ZDI-16-335	Trust: 2.3
db:	ZDI	id:	ZDI-16-336	Trust: 2.3
db:	ZDI	id:	ZDI-16-337	Trust: 2.3
db:	ZDI	id:	ZDI-16-333	Trust: 2.3
db:	BID	id:	90520	Trust: 1.3
db:	CNVD	id:	CNVD-2016-03208	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-201	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002709	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3503	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3502	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3538	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3505	Trust: 0.7
db:	IVD	id:	5562C54E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-131-01	Trust: 5.8
url:	http://zerodayinitiative.com/advisories/zdi-16-337/	Trust: 1.6
url:	http://zerodayinitiative.com/advisories/zdi-16-333/	Trust: 1.6
url:	http://zerodayinitiative.com/advisories/zdi-16-336/	Trust: 1.6
url:	http://zerodayinitiative.com/advisories/zdi-16-335/	Trust: 1.6
url:	http://www.securityfocus.com/bid/90520	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496	Trust: 0.8
url:	http://panasonic.com/	Trust: 0.3

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

CREDITS

Steven Seeley of Source Incite

Trust: 2.8

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333

SOURCES

db:	IVD	id:	5562c54e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-335
db:	ZDI	id:	ZDI-16-336
db:	ZDI	id:	ZDI-16-337
db:	ZDI	id:	ZDI-16-333
db:	CNVD	id:	CNVD-2016-03208
db:	BID	id:	90520
db:	JVNDB	id:	JVNDB-2016-002709
db:	CNNVD	id:	CNNVD-201605-201
db:	NVD	id:	CVE-2016-4496

LAST UPDATE DATE

2024-08-14T13:32:37.635000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-335	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-336	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-337	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-333	date:	2016-05-11T00:00:00
db:	CNVD	id:	CNVD-2016-03208	date:	2016-05-17T00:00:00
db:	BID	id:	90520	date:	2016-07-05T22:21:00
db:	JVNDB	id:	JVNDB-2016-002709	date:	2016-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201605-201	date:	2016-05-13T00:00:00
db:	NVD	id:	CVE-2016-4496	date:	2016-11-28T20:18:24.663

SOURCES RELEASE DATE

db:	IVD	id:	5562c54e-2351-11e6-abef-000c29c66e3d	date:	2016-05-17T00:00:00
db:	ZDI	id:	ZDI-16-335	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-336	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-337	date:	2016-05-11T00:00:00
db:	ZDI	id:	ZDI-16-333	date:	2016-05-11T00:00:00
db:	CNVD	id:	CNVD-2016-03208	date:	2016-05-17T00:00:00
db:	BID	id:	90520	date:	2016-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-002709	date:	2016-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201605-201	date:	2016-05-11T00:00:00
db:	NVD	id:	CVE-2016-4496	date:	2016-05-12T01:59:11.620