#rce

1. EXECUTIVE SUMMARY CVSS v3 7.8  ATTENTION: Low attack complexity  Vendor: Panasonic  Equipment: Control FPWIN Pro7  Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer  2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure or remote code execution on affected installation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Panasonic Control FPWIN, are affected:  Control FPWIN: version 7.6.0.3 and all previous versions 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 In Panasonic Control FPWIN versions 7.6.0.3 and prior, a stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or a parameter to a function). CVE-2023-28728 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector stri...

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named **Message Queuing** and TCP port 1801 is listening on the machine.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role which is not installed and configured by default. Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

**How could an attacker exploit this vulnerability?** An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a Windows Server configured as a Layer-2 Bridge.

This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role which is not installed and configured by default. Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Within a SharePoint site, the attacker must be authenticated, and they would need to have the “Use Remote Interfaces” and “Add and Customize Pages” permissions on a Policy Center site to be able to exploit this vulnerability.

**How could an attacker exploit the vulnerability?** In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.