6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
59.4%
The remote host has a version of Panasonic FPWIN Pro installed that is 5.x prior to 7.130. It is, therefore, affected by multiple vulnerabilities :
An array indexing error exists in the SelectFCS() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4496)
A type confusion error exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-4497)
An uninitialized pointer dereference flaw exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4498)
An overflow condition exists when handling project files due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4499)
A signedness error exists in the GetBlockFromStream() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
An overflow condition exists in the createLoadContent() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
An unspecified overflow condition exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
Binary data scada_fpwin_7_130.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4499
ics-cert.us-cert.gov/advisories/ICSA-16-131-01
www.zerodayinitiative.com/advisories/ZDI-16-330/
www.zerodayinitiative.com/advisories/ZDI-16-331/
www.zerodayinitiative.com/advisories/ZDI-16-332/
www.zerodayinitiative.com/advisories/ZDI-16-333/
www.zerodayinitiative.com/advisories/ZDI-16-334/
www.zerodayinitiative.com/advisories/ZDI-16-335/
www.zerodayinitiative.com/advisories/ZDI-16-336/
www.zerodayinitiative.com/advisories/ZDI-16-337/
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
59.4%