ID

VAR-201906-0208


CVE

CVE-2019-6530


TITLE

Panasonic FPWIN Pro Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-005355 // CNNVD: CNNVD-201906-281

DESCRIPTION

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user, causing heap-based buffer overflows, which may lead to remote code execution. Panasonic FPWIN Pro contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Failed exploits may result in denial-of-service conditions. Panasonic FPWIN Pro version 7.3.0.0 and prior versions are vulnerable; other versions may also be affected.

Trust: 3.15

sources: NVD: CVE-2019-6530 // JVNDB: JVNDB-2019-005355 // ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // BID: 108683

AFFECTED PRODUCTS

vendor: panasonic | model: control fpwin pro | scope: - | version: -

Trust: 1.4

vendor: panasonic | model: control fpwin pro | scope: lte | version: 7.3.0.0

Trust: 1.0

vendor: panasonic | model: fpwin pro | scope: lte | version: 7.3.0.0

Trust: 0.8

vendor: panasonic | model: control fpwin pro | scope: eq | version: 7.3.0.0

Trust: 0.3

vendor: panasonic | model: control fpwin pro | scope: ne | version: 7.3.1.0

Trust: 0.3

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // BID: 108683 // JVNDB: JVNDB-2019-005355 // NVD: CVE-2019-6530

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-6530
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2019-6530
value: HIGH

Trust: 1.0

NVD: CVE-2019-6530
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-281
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-6530
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2019-6530
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-6530
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6530
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // JVNDB: JVNDB-2019-005355 // CNNVD: CNNVD-201906-281 // NVD: CVE-2019-6530

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2019-005355 // NVD: CVE-2019-6530

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-281

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-281

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005355

PATCH

title: Panasonic has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02

Trust: 1.4

title: FPWIN Pro | url: https://www.panasonic-electric-works.com/eu/plc-software-control-fpwin-pro.htm

Trust: 0.8

title: Panasonic FPWIN Pro Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93362

Trust: 0.6

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // JVNDB: JVNDB-2019-005355 // CNNVD: CNNVD-201906-281

EXTERNAL IDS

db: NVD | id: CVE-2019-6530

Trust: 4.1

db: ICS CERT | id: ICSA-19-157-02

Trust: 2.7

db: ZDI | id: ZDI-19-565

Trust: 2.3

db: ZDI | id: ZDI-19-567

Trust: 2.3

db: BID | id: 108683

Trust: 1.9

db: JVNDB | id: JVNDB-2019-005355

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-7848

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-7852

Trust: 0.7

db: AUSCERT | id: ESB-2019.2044

Trust: 0.6

db: CNNVD | id: CNNVD-201906-281

Trust: 0.6

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // BID: 108683 // JVNDB: JVNDB-2019-005355 // CNNVD: CNNVD-201906-281 // NVD: CVE-2019-6530

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-157-02

Trust: 4.7

url:http://www.securityfocus.com/bid/108683

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-567/

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-565/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-6530

Trust: 1.4

url:http://panasonic.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6530

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2044/

Trust: 0.6

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567 // BID: 108683 // JVNDB: JVNDB-2019-005355 // CNNVD: CNNVD-201906-281 // NVD: CVE-2019-6530

CREDITS

9sg Security Team

Trust: 1.4

sources: ZDI: ZDI-19-565 // ZDI: ZDI-19-567

SOURCES

db: ZDI | id: ZDI-19-565
db: ZDI | id: ZDI-19-567
db: BID | id: 108683
db: JVNDB | id: JVNDB-2019-005355
db: CNNVD | id: CNNVD-201906-281
db: NVD | id: CVE-2019-6530

LAST UPDATE DATE

2024-08-14T13:44:58.209000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-19-565 | date: 2019-06-13T00:00:00
db: ZDI | id: ZDI-19-567 | date: 2019-06-13T00:00:00
db: BID | id: 108683 | date: 2019-06-06T00:00:00
db: JVNDB | id: JVNDB-2019-005355 | date: 2019-06-19T00:00:00
db: CNNVD | id: CNNVD-201906-281 | date: 2020-10-19T00:00:00
db: NVD | id: CVE-2019-6530 | date: 2020-10-16T15:47:04.773

SOURCES RELEASE DATE

db: ZDI | id: ZDI-19-565 | date: 2019-06-13T00:00:00
db: ZDI | id: ZDI-19-567 | date: 2019-06-13T00:00:00
db: BID | id: 108683 | date: 2019-06-06T00:00:00
db: JVNDB | id: JVNDB-2019-005355 | date: 2019-06-19T00:00:00
db: CNNVD | id: CNNVD-201906-281 | date: 2019-06-06T00:00:00
db: NVD | id: CVE-2019-6530 | date: 2019-06-07T14:29:00.400