ID

VAR-201605-0346


CVE

CVE-2016-4497


TITLE

Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002710

DESCRIPTION

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 3.24

sources: NVD: CVE-2016-4497 // JVNDB: JVNDB-2016-002710 // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // IVD: 55646fa2-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03215

AFFECTED PRODUCTS

vendor:panasonicmodel:fpwin proscope:eqversion: -

Trust: 1.6

vendor:panasonicmodel:fpwin proscope:ltversion:7.x

Trust: 0.8

vendor:panasonicmodel:fpwin proscope:eqversion:5.x from 7.130

Trust: 0.8

vendor:panasonicmodel:fpwin proscope: - version: -

Trust: 0.7

vendor:panasonicmodel:fpwin proscope:eqversion:5.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:eqversion:6.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:lteversion:<=7.122

Trust: 0.6

vendor:fpwin promodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4497
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4497
value: MEDIUM

Trust: 0.8

ZDI: CVE-2016-4497
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2016-03215
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-200
value: MEDIUM

Trust: 0.6

IVD: 55646fa2-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-4497
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-4497
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-03215
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 55646fa2-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4497
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-002710 // NVD: CVE-2016-4497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-200

TYPE

Input validation

Trust: 0.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002710

PATCH

title:FPWIN Prourl:https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm

Trust: 0.8

title:Panasonic has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

Trust: 0.7

title:Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215url:https://www.cnvd.org.cn/patchInfo/show/75924

Trust: 0.6

title:Panasonic FPWIN Pro Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61518

Trust: 0.6

sources: ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200

EXTERNAL IDS

db:NVDid:CVE-2016-4497

Trust: 4.2

db:ICS CERTid:ICSA-16-131-01

Trust: 3.0

db:ZDIid:ZDI-16-334

Trust: 2.3

db:BIDid:90523

Trust: 1.3

db:CNVDid:CNVD-2016-03215

Trust: 0.8

db:CNNVDid:CNNVD-201605-200

Trust: 0.8

db:JVNDBid:JVNDB-2016-002710

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-3504

Trust: 0.7

db:IVDid:55646FA2-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-131-01

Trust: 3.7

url:http://zerodayinitiative.com/advisories/zdi-16-334/

Trust: 1.6

url:http://www.securityfocus.com/bid/90523

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497

Trust: 0.8

url:http://panasonic.com/

Trust: 0.3

sources: ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

CREDITS

Steven Seeley of Source Incite

Trust: 0.7

sources: ZDI: ZDI-16-334

SOURCES

db:IVDid:55646fa2-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-16-334
db:CNVDid:CNVD-2016-03215
db:BIDid:90523
db:JVNDBid:JVNDB-2016-002710
db:CNNVDid:CNNVD-201605-200
db:NVDid:CVE-2016-4497

LAST UPDATE DATE

2024-11-23T22:49:15.119000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-16-334date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03215date:2016-05-17T00:00:00
db:BIDid:90523date:2016-07-06T14:40:00
db:JVNDBid:JVNDB-2016-002710date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-200date:2016-05-13T00:00:00
db:NVDid:CVE-2016-4497date:2024-11-21T02:52:21.010

SOURCES RELEASE DATE

db:IVDid:55646fa2-2351-11e6-abef-000c29c66e3ddate:2016-05-17T00:00:00
db:ZDIid:ZDI-16-334date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03215date:2016-05-17T00:00:00
db:BIDid:90523date:2016-05-10T00:00:00
db:JVNDBid:JVNDB-2016-002710date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-200date:2016-05-11T00:00:00
db:NVDid:CVE-2016-4497date:2016-05-12T01:59:12.683