Published: 2024/05/16 Last Updated: 2024/05/16
JVNVU#95120091
Panasonic KW Watcher vulnerable to memory buffer error
Overview
KW Watcher provided by Panasonic contains a memory buffer error vulnerability.
Products Affected
- KW Watcher from Ver.1.00 to Ver.2.83
Description
KW Watcher provided by Panasonic contains a vulnerability due to improper restriction of operations within the bounds of a memory buffer (CWE-119, CVE-2024-4162).
Impact
If a user opens a specially crafted KWW file, information about the computer's memory map may be inferred, or KW Watcher may terminate abnormally.
Solution
Apply the workaround
The developer recommends that users apply the following workarounds to mitigate the impact of this vulnerability.
- Do not open untrusted KWW files
- Stop using a KWW file if opening it causes conditions such as the following:
  - An error dialog such as "File open error" is displayed
  - KW Watcher terminates abnormally
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Base Score: 4.4
Metric | Possible values | Value for this vulnerability |
---|---|---|
Attack Vector (AV) | Physical (P), Local (L), Adjacent (A), Network (N) | Local (L) |
Attack Complexity (AC) | High (H), Low (L) | Low (L) |
Privileges Required (PR) | High (H), Low (L), None (N) | None (N) |
User Interaction (UI) | Required (R), None (N) | Required (R) |
Scope (S) | Unchanged (U), Changed (C) | Unchanged (U) |
Confidentiality Impact (C) | None (N), Low (L), High (H) | Low (L) |
Integrity Impact (I) | None (N), Low (L), High (H) | None (N) |
Availability Impact (A) | None (N), Low (L), High (H) | Low (L) |
Credit
Michael Heinzl reported this vulnerability to Panasonic and coordinated with them.
After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.