Panasonic FPWIN Pro 5.x < 7.130 Multiple Vulnerabilities

Medium Nessus Plugin ID 91626

Synopsis

The remote host has a PLC programming environment installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of Panasonic FPWIN Pro installed that is 5.x prior to 7.130. It is, therefore, affected by multiple vulnerabilities:

- An array indexing error exists in the SelectFCS() function that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4496)

- A type confusion error exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4497)

- An uninitialized pointer dereference flaw exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4498)

- An overflow condition exists when handling project files due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4499)

- A signedness error exists in the GetBlockFromStream() function that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (VulnDB 138389)

- An overflow condition exists in the createLoadContent() function that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (VulnDB 138495)

- An unspecified overflow condition exists that is triggered when handling project files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a maliciously crafted project file, to cause a denial of service condition or the execution of arbitrary code. (VulnDB 138497)

Solution

Upgrade to Panasonic FPWIN 7.130 or later.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

http://www.zerodayinitiative.com/advisories/ZDI-16-330/

http://www.zerodayinitiative.com/advisories/ZDI-16-331/

http://www.zerodayinitiative.com/advisories/ZDI-16-332/

http://www.zerodayinitiative.com/advisories/ZDI-16-333/

http://www.zerodayinitiative.com/advisories/ZDI-16-334/

http://www.zerodayinitiative.com/advisories/ZDI-16-335/

http://www.zerodayinitiative.com/advisories/ZDI-16-336/

http://www.zerodayinitiative.com/advisories/ZDI-16-337/

Plugin Details

Severity: Medium

ID: 91626

File Name: scada_fpwin_7_130.nbin

Version: $Revision: 1.23 $

Type: local

Family: SCADA

Published: 2016/06/15

Modified: 2018/05/21

Dependencies: 91625

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:panasonic:fpwin_pro

Required KB Items: installed_sw/Panasonic FPWIN Pro

Patch Publication Date: 2016/04/26

Vulnerability Publication Date: 2016/05/10

Reference Information

CVE: CVE-2016-4496, CVE-2016-4497, CVE-2016-4498, CVE-2016-4499

ICSA: 16-131-01

ZDI: ZDI-16-330, ZDI-16-331, ZDI-16-332, ZDI-16-333, ZDI-16-334, ZDI-16-335, ZDI-16-336, ZDI-16-337