Panasonic FPWIN Pro 5.x < 7.130 Multiple Vulnerabilities

medium Nessus Plugin ID 91626

Synopsis

The remote host has a PLC programming environment installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of Panasonic FPWIN Pro installed that is 5.x prior to 7.130. It is, therefore, affected by multiple vulnerabilities :

- An array indexing error exists in the SelectFCS() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4496)

- A type confusion error exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-4497)

- An uninitialized pointer dereference flaw exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4498)

- An overflow condition exists when handling project files due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4499)

- A signedness error exists in the GetBlockFromStream() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.

- An overflow condition exists in the createLoadContent() function that is triggered when handling project files.
An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.

- An unspecified overflow condition exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to Panasonic FPWIN 7.130 or later.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

https://www.zerodayinitiative.com/advisories/ZDI-16-330/

https://www.zerodayinitiative.com/advisories/ZDI-16-331/

https://www.zerodayinitiative.com/advisories/ZDI-16-332/

https://www.zerodayinitiative.com/advisories/ZDI-16-333/

https://www.zerodayinitiative.com/advisories/ZDI-16-334/

https://www.zerodayinitiative.com/advisories/ZDI-16-335/

https://www.zerodayinitiative.com/advisories/ZDI-16-336/

https://www.zerodayinitiative.com/advisories/ZDI-16-337/

Plugin Details

Severity: Medium

ID: 91626

File Name: scada_fpwin_7_130.nbin

Version: 1.101

Type: local

Agent: windows

Family: SCADA

Published: 6/15/2016

Updated: 10/10/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-4498

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:panasonic:fpwin_pro

Required KB Items: installed_sw/Panasonic FPWIN Pro

Exploit Ease: No known exploits are available

Patch Publication Date: 4/26/2016

Vulnerability Publication Date: 5/10/2016

Reference Information

CVE: CVE-2016-4496, CVE-2016-4497, CVE-2016-4498, CVE-2016-4499