Sign-up

ID

VAR-201605-0348


CVE

CVE-2016-4499


TITLE

Panasonic FPWIN Pro Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03213 // CNNVD: CNNVD-201605-198

DESCRIPTION

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan

Trust: 3.87

sources: NVD: CVE-2016-4499 // JVNDB: JVNDB-2016-002712 // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // BID: 90522 // IVD: 5565f688-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03213

AFFECTED PRODUCTS

vendor:panasonicmodel:fpwin proscope:eqversion: -

Trust: 1.6

vendor:panasonicmodel:fpwin proscope: - version: -

Trust: 1.4

vendor:panasonicmodel:fpwin proscope:ltversion:7.x

Trust: 0.8

vendor:panasonicmodel:fpwin proscope:eqversion:5.x from 7.130

Trust: 0.8

vendor:panasonicmodel:fpwin proscope:eqversion:5.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:eqversion:6.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:lteversion:<=7.122

Trust: 0.6

vendor:fpwin promodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-4499
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2016-4499
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4499
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-03213
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-198
value: MEDIUM

Trust: 0.6

IVD: 5565f688-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-4499
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-4499
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

CNVD: CNVD-2016-03213
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5565f688-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4499
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-002712 // NVD: CVE-2016-4499

THREAT TYPE

local

Trust: 0.9

sources: BID: 90522 // CNNVD: CNNVD-201605-198

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-198

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002712

PATCH
title:Panasonic has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
Trust: 1.4
title:FPWIN Prourl:https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm
Trust: 0.8
title:Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/75926
Trust: 0.6
title:Panasonic FPWIN Pro Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61516
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-331 // 
            
            
            
            ZDI: ZDI-16-330 // 
            
            
            
            CNVD: CNVD-2016-03213 // 
            
            
            
            JVNDB: JVNDB-2016-002712 // 
            
            
            
            CNNVD: CNNVD-201605-198

EXTERNAL IDS
db:NVDid:CVE-2016-4499
Trust: 4.9
db:ICS CERTid:ICSA-16-131-01
Trust: 3.0
db:ZDIid:ZDI-16-331
Trust: 2.3
db:ZDIid:ZDI-16-330
Trust: 2.3
db:BIDid:90522
Trust: 1.3
db:CNVDid:CNVD-2016-03213
Trust: 0.8
db:CNNVDid:CNNVD-201605-198
Trust: 0.8
db:JVNDBid:JVNDB-2016-002712
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3501
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3446
Trust: 0.7
db:IVDid:5565F688-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 5565f688-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-16-331 // 
            
            
            
            ZDI: ZDI-16-330 // 
            
            
            
            CNVD: CNVD-2016-03213 // 
            
            
            
            BID: 90522 // 
            
            
            
            JVNDB: JVNDB-2016-002712 // 
            
            
            
            CNNVD: CNNVD-201605-198 // 
            
            
            
            NVD: CVE-2016-4499

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-131-01
Trust: 4.4
url:http://zerodayinitiative.com/advisories/zdi-16-330/
Trust: 1.6
url:http://zerodayinitiative.com/advisories/zdi-16-331/
Trust: 1.6
url:http://www.securityfocus.com/bid/90522
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499
Trust: 0.8
url:http://panasonic.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-331 // 
            
            
            
            ZDI: ZDI-16-330 // 
            
            
            
            CNVD: CNVD-2016-03213 // 
            
            
            
            BID: 90522 // 
            
            
            
            JVNDB: JVNDB-2016-002712 // 
            
            
            
            CNNVD: CNNVD-201605-198 // 
            
            
            
            NVD: CVE-2016-4499

CREDITS
Steven Seeley of Source Incite
Trust: 1.4
sources:
            
            
            ZDI: ZDI-16-331 // 
            
            
            
            ZDI: ZDI-16-330

SOURCES
db:IVDid:5565f688-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-16-331
db:ZDIid:ZDI-16-330
db:CNVDid:CNVD-2016-03213
db:BIDid:90522
db:JVNDBid:JVNDB-2016-002712
db:CNNVDid:CNNVD-201605-198
db:NVDid:CVE-2016-4499

LAST UPDATE DATE
2024-08-14T13:32:37.587000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-331date:2016-05-11T00:00:00
db:ZDIid:ZDI-16-330date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03213date:2016-05-17T00:00:00
db:BIDid:90522date:2016-07-06T14:40:00
db:JVNDBid:JVNDB-2016-002712date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-198date:2016-05-13T00:00:00
db:NVDid:CVE-2016-4499date:2016-11-28T20:18:27.850

SOURCES RELEASE DATE
db:IVDid:5565f688-2351-11e6-abef-000c29c66e3ddate:2016-05-17T00:00:00
db:ZDIid:ZDI-16-331date:2016-05-11T00:00:00
db:ZDIid:ZDI-16-330date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03213date:2016-05-17T00:00:00
db:BIDid:90522date:2016-05-10T00:00:00
db:JVNDBid:JVNDB-2016-002712date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-198date:2016-05-11T00:00:00
db:NVDid:CVE-2016-4499date:2016-05-12T01:59:14.857