ID

VAR-201605-0348


CVE

CVE-2016-4499


TITLE

Panasonic FPWIN Pro Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03213 // CNNVD: CNNVD-201605-198

DESCRIPTION

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of project files. A specially-crafted project file can cause a heap buffer overrun in a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Panasonic FPWIN Pro is a set of programming software for all FP series PLCs (Programmable Logic Controllers) from Panasonic Corporation of Japan

Trust: 3.87

sources: NVD: CVE-2016-4499 // JVNDB: JVNDB-2016-002712 // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // BID: 90522 // IVD: 5565f688-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03213

AFFECTED PRODUCTS

vendor:panasonicmodel:fpwin proscope:eqversion: -

Trust: 1.6

vendor:panasonicmodel:fpwin proscope: - version: -

Trust: 1.4

vendor:panasonicmodel:fpwin proscope:ltversion:7.x

Trust: 0.8

vendor:panasonicmodel:fpwin proscope:eqversion:5.x from 7.130

Trust: 0.8

vendor:panasonicmodel:fpwin proscope:eqversion:5.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:eqversion:6.x

Trust: 0.6

vendor:panasonicmodel:fpwin proscope:lteversion:<=7.122

Trust: 0.6

vendor:fpwin promodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-4499
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2016-4499
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4499
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-03213
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-198
value: MEDIUM

Trust: 0.6

IVD: 5565f688-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2016-4499
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-4499
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

CNVD: CNVD-2016-03213
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5565f688-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4499
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-002712 // NVD: CVE-2016-4499

THREAT TYPE

local

Trust: 0.9

sources: BID: 90522 // CNNVD: CNNVD-201605-198

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-198

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002712

PATCH

title:Panasonic has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

Trust: 1.4

title:FPWIN Prourl:https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm

Trust: 0.8

title:Patch for Panasonic FPWIN Pro Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/75926

Trust: 0.6

title:Panasonic FPWIN Pro Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61516

Trust: 0.6

sources: ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198

EXTERNAL IDS

db:NVDid:CVE-2016-4499

Trust: 4.9

db:ICS CERTid:ICSA-16-131-01

Trust: 3.0

db:ZDIid:ZDI-16-331

Trust: 2.3

db:ZDIid:ZDI-16-330

Trust: 2.3

db:BIDid:90522

Trust: 1.3

db:CNVDid:CNVD-2016-03213

Trust: 0.8

db:CNNVDid:CNNVD-201605-198

Trust: 0.8

db:JVNDBid:JVNDB-2016-002712

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-3501

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-3446

Trust: 0.7

db:IVDid:5565F688-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 5565f688-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // BID: 90522 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-131-01

Trust: 4.4

url:http://zerodayinitiative.com/advisories/zdi-16-330/

Trust: 1.6

url:http://zerodayinitiative.com/advisories/zdi-16-331/

Trust: 1.6

url:http://www.securityfocus.com/bid/90522

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4499

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4499

Trust: 0.8

url:http://panasonic.com/

Trust: 0.3

sources: ZDI: ZDI-16-331 // ZDI: ZDI-16-330 // CNVD: CNVD-2016-03213 // BID: 90522 // JVNDB: JVNDB-2016-002712 // CNNVD: CNNVD-201605-198 // NVD: CVE-2016-4499

CREDITS

Steven Seeley of Source Incite

Trust: 1.4

sources: ZDI: ZDI-16-331 // ZDI: ZDI-16-330

SOURCES

db:IVDid:5565f688-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-16-331
db:ZDIid:ZDI-16-330
db:CNVDid:CNVD-2016-03213
db:BIDid:90522
db:JVNDBid:JVNDB-2016-002712
db:CNNVDid:CNNVD-201605-198
db:NVDid:CVE-2016-4499

LAST UPDATE DATE

2024-08-14T13:32:37.587000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-16-331date:2016-05-11T00:00:00
db:ZDIid:ZDI-16-330date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03213date:2016-05-17T00:00:00
db:BIDid:90522date:2016-07-06T14:40:00
db:JVNDBid:JVNDB-2016-002712date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-198date:2016-05-13T00:00:00
db:NVDid:CVE-2016-4499date:2016-11-28T20:18:27.850

SOURCES RELEASE DATE

db:IVDid:5565f688-2351-11e6-abef-000c29c66e3ddate:2016-05-17T00:00:00
db:ZDIid:ZDI-16-331date:2016-05-11T00:00:00
db:ZDIid:ZDI-16-330date:2016-05-11T00:00:00
db:CNVDid:CNVD-2016-03213date:2016-05-17T00:00:00
db:BIDid:90522date:2016-05-10T00:00:00
db:JVNDBid:JVNDB-2016-002712date:2016-05-18T00:00:00
db:CNNVDid:CNNVD-201605-198date:2016-05-11T00:00:00
db:NVDid:CVE-2016-4499date:2016-05-12T01:59:14.857