Lucene search

[email protected]NVD:CVE-2021-32972

HistoryJul 09, 2021 - 11:15 a.m.

CVE-2021-32972

2021-07-0911:15:08

CWE-611

[email protected]

web.nvd.nist.gov

panasonic fpwin pro

uri craft

xml parser

disclose information

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

27.0%

JSON

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.

Affected configurations

Nvd

Node

panasonicfpwin_proRange≤7.5.1.1

VendorProductVersionCPE
panasonicfpwin_pro*cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
panasonic	fpwin_pro	*	cpe:2.3:a:panasonic:fpwin_pro::::::::

References

us-cert.cisa.gov/ics/advisories/icsa-21-180-03

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

27.0%

JSON

Related for NVD:CVE-2021-32972

prion1 cvelist1 cve1 ics1