Details of VAR-201605-0346

ID

VAR-201605-0346

CVE

CVE-2016-4497

TITLE

Panasonic FPWIN Pro Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002710

DESCRIPTION

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. This type confusion will cause a jump through a vtable entry that is past the end of the vtable for the object. An attacker can leverage this vulnerability to attain code execution under the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 3.24

sources: NVD: CVE-2016-4497 // JVNDB: JVNDB-2016-002710 // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // IVD: 55646fa2-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03215

AFFECTED PRODUCTS

vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	-	Trust: 1.6
vendor:	panasonic	model:	fpwin pro	scope:	lt	version:	7.x	Trust: 0.8
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	5.x from 7.130	Trust: 0.8
vendor:	panasonic	model:	fpwin pro	scope:	-	version:	-	Trust: 0.7
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	5.x	Trust: 0.6
vendor:	panasonic	model:	fpwin pro	scope:	eq	version:	6.x	Trust: 0.6
vendor:	panasonic	model:	fpwin pro	scope:	lte	version:	<=7.122	Trust: 0.6
vendor:	fpwin pro	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4497
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-4497
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2016-4497
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2016-03215
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-200
value:	MEDIUM
Trust: 0.6
IVD:	55646fa2-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2016-4497
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2016-4497
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-03215
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	55646fa2-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-4497
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-002710 // NVD: CVE-2016-4497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-200

TYPE

Input validation

Trust: 0.8

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002710

PATCH

title:	FPWIN Pro	url:	https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm	Trust: 0.8
title:	Panasonic has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01	Trust: 0.7
title:	Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerability - CNVD-2016-03215	url:	https://www.cnvd.org.cn/patchInfo/show/75924	Trust: 0.6
title:	Panasonic FPWIN Pro Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61518	Trust: 0.6

sources: ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4497	Trust: 4.2
db:	ICS CERT	id:	ICSA-16-131-01	Trust: 3.0
db:	ZDI	id:	ZDI-16-334	Trust: 2.3
db:	BID	id:	90523	Trust: 1.3
db:	CNVD	id:	CNVD-2016-03215	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-200	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002710	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3504	Trust: 0.7
db:	IVD	id:	55646FA2-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 55646fa2-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-131-01	Trust: 3.7
url:	http://zerodayinitiative.com/advisories/zdi-16-334/	Trust: 1.6
url:	http://www.securityfocus.com/bid/90523	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4497	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4497	Trust: 0.8
url:	http://panasonic.com/	Trust: 0.3

sources: ZDI: ZDI-16-334 // CNVD: CNVD-2016-03215 // BID: 90523 // JVNDB: JVNDB-2016-002710 // CNNVD: CNNVD-201605-200 // NVD: CVE-2016-4497

CREDITS

Steven Seeley of Source Incite

Trust: 0.7

sources: ZDI: ZDI-16-334

SOURCES

db:	IVD	id:	55646fa2-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-334
db:	CNVD	id:	CNVD-2016-03215
db:	BID	id:	90523
db:	JVNDB	id:	JVNDB-2016-002710
db:	CNNVD	id:	CNNVD-201605-200
db:	NVD	id:	CVE-2016-4497

LAST UPDATE DATE

2024-08-14T13:32:37.696000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-334	date:	2016-05-11T00:00:00
db:	CNVD	id:	CNVD-2016-03215	date:	2016-05-17T00:00:00
db:	BID	id:	90523	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2016-002710	date:	2016-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201605-200	date:	2016-05-13T00:00:00
db:	NVD	id:	CVE-2016-4497	date:	2016-11-28T20:18:25.663

SOURCES RELEASE DATE

db:	IVD	id:	55646fa2-2351-11e6-abef-000c29c66e3d	date:	2016-05-17T00:00:00
db:	ZDI	id:	ZDI-16-334	date:	2016-05-11T00:00:00
db:	CNVD	id:	CNVD-2016-03215	date:	2016-05-17T00:00:00
db:	BID	id:	90523	date:	2016-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-002710	date:	2016-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201605-200	date:	2016-05-11T00:00:00
db:	NVD	id:	CVE-2016-4497	date:	2016-05-12T01:59:12.683