CVE-2019-6532

high

Description

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.

References

Advisories

https://www.zerodayinitiative.com/advisories/ZDI-19-570/

https://www.zerodayinitiative.com/advisories/ZDI-19-568/

https://www.zerodayinitiative.com/advisories/ZDI-19-566/

https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02

http://www.securityfocus.com/bid/108683

Details

Source: Mitre, NVD

Published: 2019-06-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00684