This script is Copyright (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_FPWIN_7_130.NBINPanasonic FPWIN Pro 5.x < 7.130 Multiple Vulnerabilities
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
59.4%
The remote host has a version of Panasonic FPWIN Pro installed that is 5.x prior to 7.130. It is, therefore, affected by multiple vulnerabilities :
-
An array indexing error exists in the SelectFCS() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4496) -
A type confusion error exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-4497) -
An uninitialized pointer dereference flaw exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4498)
-
An overflow condition exists when handling project files due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4499)
-
A signedness error exists in the GetBlockFromStream() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. -
An overflow condition exists in the createLoadContent() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. -
An unspecified overflow condition exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
Binary data scada_fpwin_7_130.nbinReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4499
ics-cert.us-cert.gov/advisories/ICSA-16-131-01
www.zerodayinitiative.com/advisories/ZDI-16-330/
www.zerodayinitiative.com/advisories/ZDI-16-331/
www.zerodayinitiative.com/advisories/ZDI-16-332/
www.zerodayinitiative.com/advisories/ZDI-16-333/
www.zerodayinitiative.com/advisories/ZDI-16-334/
www.zerodayinitiative.com/advisories/ZDI-16-335/
www.zerodayinitiative.com/advisories/ZDI-16-336/
www.zerodayinitiative.com/advisories/ZDI-16-337/
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
59.4%