Published:2023/08/21 Last Updated:2023/08/21
JVNVU#96622721
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
Overview
Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities.
Products Affected
- Control FPWIN Pro7 Ver. 7.6.0.3 and earlier
Description
Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.
- Stack-based Buffer Overflow (CWE-121) - CVE-2023-28728
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8 - Access of Resource Using Incompatible Type (CWE-843) - CVE-2023-28729
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8 - Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) - CVE-2023-28730
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
Impact
By having a user to open a specially crafted file, arbitrary code may be executed.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Panasonic | Programming software Control FPWIN Pro |
| Vulnerability Advisory List |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl first contacted JPCERT/CC, and JPCERT/CC advised him to contact Panasonic directly. Afterwards, he reported these vulnerabilities to Panasonic and coordinated with them. Panasonic and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.