|
[Japanese]
|
JVNDB-2024-001001
|
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
|
|
Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.
* Stack-based Buffer Overflow (CWE-121) - CVE-2023-6314
* Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) - CVE-2023-6315
Michael Heinzl reported these vulnerabilities to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-6314
|
CVSS V3 Severity:
Base Metrics:7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-6315
|
|
|
Panasonic Corporation
- FPWIN Pro 7 Ver. 7.7.0.0 and earlier
|
|
|
By having a user open a specially crafted file, arbitrary code may be executed.
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
|
|
Panasonic Corporation
|
|
- Buffer Errors(CWE-119) [Other]
- Stack-based Buffer Overflow(CWE-121) [Other]
|
|
- CVE-2023-6314
- CVE-2023-6315
|
|
- JVN : JVNVU#92102247
- National Vulnerability Database (NVD) : CVE-2023-6314
- National Vulnerability Database (NVD) : CVE-2023-6315
|
|
- [2024/01/10]
Web page was published
|
