ID

VAR-201605-0345


CVE

CVE-2016-4496


TITLE

Panasonic FPWIN Pro Denial-of-Service (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002709

DESCRIPTION

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the createLoadContent method due to an unvalidated length that is input from the project file. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Panasonic FPWIN Pro is prone to multiple local code-execution vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 5.13

sources: NVD: CVE-2016-4496 // JVNDB: JVNDB-2016-002709 // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // IVD: 5562c54e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03208

AFFECTED PRODUCTS

vendor: panasonic, model: fpwin pro, scope: -, version: -

Trust: 2.8

vendor: panasonic, model: fpwin pro, scope: eq, version: -

Trust: 1.6

vendor: panasonic, model: fpwin pro, scope: lt, version: 7.x

Trust: 0.8

vendor: panasonic, model: fpwin pro, scope: eq, version: 5.x from 7.130

Trust: 0.8

vendor: panasonic, model: fpwin pro, scope: eq, version: 5.x

Trust: 0.6

vendor: panasonic, model: fpwin pro, scope: eq, version: 6.x

Trust: 0.6

vendor: panasonic, model: fpwin pro, scope: lte, version: <=7.122

Trust: 0.6

vendor: fpwin pro, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-4496
value: MEDIUM

Trust: 2.8

nvd@nist.gov: CVE-2016-4496
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4496
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-03208
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-201
value: MEDIUM

Trust: 0.6

IVD: 5562c54e-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-4496
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 4.6

CNVD: CNVD-2016-03208
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5562c54e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4496
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-002709 // NVD: CVE-2016-4496

THREAT TYPE

local

Trust: 0.9

sources: BID: 90520 // CNNVD: CNNVD-201605-201

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-201

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002709

PATCH

title: Panasonic has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

Trust: 2.8

title: FPWIN Pro
url: https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm

Trust: 0.8

title: Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03208)
url: https://www.cnvd.org.cn/patchInfo/show/75932

Trust: 0.6

title: Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61519

Trust: 0.6

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201

EXTERNAL IDS

db: NVD, id: CVE-2016-4496

Trust: 6.3

db: ICS CERT, id: ICSA-16-131-01

Trust: 3.0

db: ZDI, id: ZDI-16-335

Trust: 2.3

db: ZDI, id: ZDI-16-336

Trust: 2.3

db: ZDI, id: ZDI-16-337

Trust: 2.3

db: ZDI, id: ZDI-16-333

Trust: 2.3

db: BID, id: 90520

Trust: 1.3

db: CNVD, id: CNVD-2016-03208

Trust: 0.8

db: CNNVD, id: CNNVD-201605-201

Trust: 0.8

db: JVNDB, id: JVNDB-2016-002709

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3503

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3502

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3538

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3505

Trust: 0.7

db: IVD, id: 5562C54E-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 5562c54e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-131-01

Trust: 5.8

url:http://zerodayinitiative.com/advisories/zdi-16-337/

Trust: 1.6

url:http://zerodayinitiative.com/advisories/zdi-16-333/

Trust: 1.6

url:http://zerodayinitiative.com/advisories/zdi-16-336/

Trust: 1.6

url:http://zerodayinitiative.com/advisories/zdi-16-335/

Trust: 1.6

url:http://www.securityfocus.com/bid/90520

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4496

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4496

Trust: 0.8

url:http://panasonic.com/

Trust: 0.3

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333 // CNVD: CNVD-2016-03208 // BID: 90520 // JVNDB: JVNDB-2016-002709 // CNNVD: CNNVD-201605-201 // NVD: CVE-2016-4496

CREDITS

Steven Seeley of Source Incite

Trust: 2.8

sources: ZDI: ZDI-16-335 // ZDI: ZDI-16-336 // ZDI: ZDI-16-337 // ZDI: ZDI-16-333

SOURCES

db: IVD, id: 5562c54e-2351-11e6-abef-000c29c66e3d
db: ZDI, id: ZDI-16-335
db: ZDI, id: ZDI-16-336
db: ZDI, id: ZDI-16-337
db: ZDI, id: ZDI-16-333
db: CNVD, id: CNVD-2016-03208
db: BID, id: 90520
db: JVNDB, id: JVNDB-2016-002709
db: CNNVD, id: CNNVD-201605-201
db: NVD, id: CVE-2016-4496

LAST UPDATE DATE

2024-08-14T13:32:37.635000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-335, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-336, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-337, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-333, date: 2016-05-11T00:00:00
db: CNVD, id: CNVD-2016-03208, date: 2016-05-17T00:00:00
db: BID, id: 90520, date: 2016-07-05T22:21:00
db: JVNDB, id: JVNDB-2016-002709, date: 2016-05-18T00:00:00
db: CNNVD, id: CNNVD-201605-201, date: 2016-05-13T00:00:00
db: NVD, id: CVE-2016-4496, date: 2016-11-28T20:18:24.663

SOURCES RELEASE DATE

db: IVD, id: 5562c54e-2351-11e6-abef-000c29c66e3d, date: 2016-05-17T00:00:00
db: ZDI, id: ZDI-16-335, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-336, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-337, date: 2016-05-11T00:00:00
db: ZDI, id: ZDI-16-333, date: 2016-05-11T00:00:00
db: CNVD, id: CNVD-2016-03208, date: 2016-05-17T00:00:00
db: BID, id: 90520, date: 2016-05-10T00:00:00
db: JVNDB, id: JVNDB-2016-002709, date: 2016-05-18T00:00:00
db: CNNVD, id: CNNVD-201605-201, date: 2016-05-11T00:00:00
db: NVD, id: CVE-2016-4496, date: 2016-05-12T01:59:11.620