panasonic 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は vendor impact data exposure を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-6315 | Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | [email protected] | 7.8 | 0.27% | 2023-12-19 | 2024-11-21 |
| CVE-2023-6314 | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | [email protected] | 7.8 | 0.27% | 2023-12-19 | 2024-11-21 |
| CVE-2023-3472 | Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | [email protected] | 8.6 | 0.23% | 2023-09-06 | 2024-11-21 |
| CVE-2023-3471 | Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | [email protected] | 8.6 | 0.42% | 2023-09-06 | 2024-11-21 |
| CVE-2023-28730 | A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | [email protected] | 7.8 | 0.20% | 2023-07-21 | 2024-11-21 |
| CVE-2023-28729 | A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | [email protected] | 7.8 | 0.20% | 2023-07-21 | 2024-11-21 |
| CVE-2023-28728 | A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | [email protected] | 7.8 | 0.28% | 2023-07-21 | 2024-11-21 |
| CVE-2023-28727 | Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | [email protected] | 9.6 | 0.38% | 2023-03-31 | 2025-02-12 |
| CVE-2023-28726 | Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. | [email protected] | 7.5 | 0.81% | 2023-03-31 | 2025-02-12 |
| CVE-2022-4621 | Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | [email protected] | 7.5 | 0.33% | 2023-01-17 | 2024-11-21 |
| CVE-2021-32972 | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. | [email protected] | 5.5 | 0.69% | 2021-07-09 | 2024-11-21 |
| CVE-2021-20623 | Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | [email protected] | 9.8 | 2.81% | 2021-02-05 | 2024-11-21 |
| CVE-2020-16236 | FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | [email protected] | 7.8 | 1.19% | 2021-01-26 | 2024-11-21 |
| CVE-2020-29194 | Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | [email protected] | 7.5 | 1.20% | 2020-12-28 | 2024-11-21 |
| CVE-2020-29193 | Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). | [email protected] | 6.8 | 0.36% | 2020-12-28 | 2024-11-21 |
| CVE-2020-11716 | Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | [email protected] | 9.8 | 1.36% | 2020-05-20 | 2024-11-21 |
| CVE-2019-5997 | Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors. | [email protected] | 9.8 | 1.72% | 2020-05-20 | 2026-02-23 |
| CVE-2020-11715 | Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support." | [email protected] | 9.8 | 1.43% | 2020-05-19 | 2024-11-21 |
| CVE-2019-15429 | The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. | [email protected] | 7.8 | 0.37% | 2019-11-14 | 2024-11-21 |
| CVE-2019-15378 | The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | [email protected] | 5.5 | 0.29% | 2019-11-14 | 2024-11-21 |