PT-2021-20003 · Panasonic · Panasonic Fpwin Pro

Michael Heinzl · Published 2021-07-09 · Updated 2021-07-13 · CVE-2021-32972

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Panasonic FPWIN Pro versions 7.5.1.1 and prior

Description: The issue allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed its contents, which may allow the attacker to disclose information that is accessible in the context of the user executing the software.

Recommendations: For versions 7.5.1.1 and prior, consider restricting access to project files and limiting the ability of the XML parser to access external URIs until a patch is available. As a temporary workaround, avoid using the XML parser to embed contents from external URIs in project files.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2021-32972

Affected Products

Panasonic Fpwin Pro