Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108683 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 | Mailing List Patch Third Party Advisory US Government Resource |
https://www.zerodayinitiative.com/advisories/ZDI-19-566/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-19-568/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-19-570/ | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2019-06-07 14:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-6532
Mitre link : CVE-2019-6532
CVE.ORG link : CVE-2019-6532
JSON object : View
Products Affected
panasonic
- control_fpwin_pro
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')