ID

VAR-202101-0140


CVE

CVE-2020-16236


TITLE

Made by Panasonic FPWIN Pro Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001002

DESCRIPTION

FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. FPWIN Pro Is provided by Panasonic Corporation PLC Programming software for. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRO files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process

Trust: 2.34

sources: NVD: CVE-2020-16236 // JVNDB: JVNDB-2021-001002 // ZDI: ZDI-21-068 // VULMON: CVE-2020-16236

AFFECTED PRODUCTS

vendor:panasonicmodel:fpwin proscope:ltversion:7.5.0.1

Trust: 1.0

vendor:panasonicmodel:fpwin proscope:eqversion:version 7.5.0.0

Trust: 0.8

vendor:panasonicmodel:control fpwin proscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-068 // JVNDB: JVNDB-2021-001002 // NVD: CVE-2020-16236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-16236
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001002
value: HIGH

Trust: 0.8

ZDI: CVE-2020-16236
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202101-236
value: HIGH

Trust: 0.6

VULMON: CVE-2020-16236
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-16236
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2020-16236
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2021-001002
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-16236
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-068 // VULMON: CVE-2020-16236 // JVNDB: JVNDB-2021-001002 // CNNVD: CNNVD-202101-236 // NVD: CVE-2020-16236

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2021-001002 // NVD: CVE-2020-16236

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-236

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-236

CONFIGURATIONS

sources: JVNDB: JVNDB-2021-001002

PATCH

title:Programming Software Control FPWIN Prourl:https://industry.panasonic.eu/factory-automation/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro

Trust: 0.8

title:Panasonic has issued an update to correct this vulnerability.url:https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02

Trust: 0.7

title:Panasonic FPWIN Pro Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138391

Trust: 0.6

sources: ZDI: ZDI-21-068 // JVNDB: JVNDB-2021-001002 // CNNVD: CNNVD-202101-236

EXTERNAL IDS

db:NVDid:CVE-2020-16236

Trust: 3.2

db:ICS CERTid:ICSA-21-005-02

Trust: 2.5

db:JVNid:JVNVU92365365

Trust: 0.8

db:JVNDBid:JVNDB-2021-001002

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11579

Trust: 0.7

db:ZDIid:ZDI-21-068

Trust: 0.7

db:AUSCERTid:ESB-2021.0048

Trust: 0.6

db:CNNVDid:CNNVD-202101-236

Trust: 0.6

db:VULMONid:CVE-2020-16236

Trust: 0.1

sources: ZDI: ZDI-21-068 // VULMON: CVE-2020-16236 // JVNDB: JVNDB-2021-001002 // CNNVD: CNNVD-202101-236 // NVD: CVE-2020-16236

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-005-02

Trust: 3.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16236

Trust: 0.8

url:http://jvn.jp/cert/jvnvu92365365

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-16236

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0048/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/194260

Trust: 0.1

sources: ZDI: ZDI-21-068 // VULMON: CVE-2020-16236 // JVNDB: JVNDB-2021-001002 // CNNVD: CNNVD-202101-236 // NVD: CVE-2020-16236

CREDITS

Francis Provencher {PRL}

Trust: 0.7

sources: ZDI: ZDI-21-068

SOURCES

db:ZDIid:ZDI-21-068
db:VULMONid:CVE-2020-16236
db:JVNDBid:JVNDB-2021-001002
db:CNNVDid:CNNVD-202101-236
db:NVDid:CVE-2020-16236

LAST UPDATE DATE

2024-08-14T13:24:01.077000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-068date:2021-01-14T00:00:00
db:VULMONid:CVE-2020-16236date:2021-01-29T00:00:00
db:JVNDBid:JVNDB-2021-001002date:2021-01-07T07:38:38
db:CNNVDid:CNNVD-202101-236date:2021-02-01T00:00:00
db:NVDid:CVE-2020-16236date:2021-01-29T00:58:43.103

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-068date:2021-01-14T00:00:00
db:VULMONid:CVE-2020-16236date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2021-001002date:2021-01-07T07:38:38
db:CNNVDid:CNNVD-202101-236date:2021-01-05T00:00:00
db:NVDid:CVE-2020-16236date:2021-01-26T18:15:39.787