PT-2019-18144 · Panasonic · Panasonic Fpwin Pro

Published

2019-06-07

Updated

2020-10-06

CVE-2019-6532

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Panasonic FPWIN Pro version 7.3.0.0 and prior

Description The issue allows an attacker-created project file to be loaded by an authenticated user, triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.

Recommendations For Panasonic FPWIN Pro version 7.3.0.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

CVE-2019-6532

ZDI-19-566

ZDI-19-568

ZDI-19-570

Affected Products

Panasonic Fpwin Pro

PT-2019-18144 · Panasonic · Panasonic Fpwin Pro

CVE-2019-6532

Weakness Enumeration

Related Identifiers

Affected Products

References · 7