CVE-2019-6532

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
References
Link Resource
http://www.securityfocus.com/bid/108683 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 Mailing List Patch Third Party Advisory US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-19-566/ Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-568/ Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-570/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-07 14:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-6532

Mitre link : CVE-2019-6532

CVE.ORG link : CVE-2019-6532


JSON object : View

Products Affected

panasonic

  • control_fpwin_pro
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')