XML Parsing Vulnerability in Panasonic FPWIN Pro Software
CVE-2021-32972

5.5MEDIUM

Key Information:

Vendor: Panasonic
Status: Panasonic Fpwin Pro
Vendor: CVE Published:; 9 July 2021

What is CVE-2021-32972?

The Panasonic FPWIN Pro software is susceptible to an XML parsing vulnerability that allows attackers to craft malicious project files. When a user executes these files, the XML parser is tricked into accessing a specified URI, leading to the embedding of potentially sensitive external content. This could result in unauthorized information disclosure, leveraging the context of the user's execution environment. Users of FPWIN Pro versions 7.5.1.1 and earlier are urged to evaluate the impact and mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Panasonic FPWIN Pro All Versions 7.5.1.1 and prior

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2021
Vulnerability Reserved
May 13, 2021

JSON

Panasonic