CVE-2019-6532
HIGHPanasonic FPWIN Pro < 7.3.0.0 - Type Confusion via Malicious Project File
Title source: llmDescription
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
References (5)
Core 5
Core References
Mailing List, Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108683
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-568/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-566/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-570/
Scores
CVSS v3
7.8
EPSS
0.0375
EPSS Percentile
88.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (1)
panasonic/control_fpwin_pro
< 7.3.0.0
Published
Jun 07, 2019
Tracked Since
Feb 18, 2026