CVE-2019-6532
HIGHPanasonic Control Fpwin Pro < 7.3.0.0 - Type Confusion
Title source: ruleDescription
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
References (5)
Core 5
Core References
Mailing List, Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108683
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-568/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-566/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-570/
Scores
CVSS v3
7.8
EPSS
0.0067
EPSS Percentile
71.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (1)
panasonic/control_fpwin_pro
< 7.3.0.0
Published
Jun 07, 2019
Tracked Since
Feb 18, 2026