Cybersecurity specialists report the discovery of a critical vulnerability in FPWIN Pro, programmable logic controller (PLC) programming software developed by technology firm Panasonic. According to the report, successful exploitation of the flaw would allow threat actors to access sensitive information on the target system.

Tracked as CVE-2021-32972, the flaw exists because a specially crafted project file that specifies a URI causes the XML parser to access the URI and embed the content, allowing attackers to access sensitive information in the context of the user running the vulnerable software.
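
A parser that fetches a URI named in a file is following an external reference declared in the document's DTD. As an added example (not code from the report or from Panasonic), the Python check below lists such declarations in an XML file without fetching anything, so a file can be inspected before it is opened; the sample documents and element names are constructed and do not reflect the real FPWIN Pro project format.

```python
import xml.parsers.expat

# Constructed sample inputs; example.invalid never resolves.
SUSPICIOUS = b"""<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY ext SYSTEM "http://example.invalid/resource">
]>
<project><name>&ext;</name></project>"""

EXTERNAL_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE project SYSTEM "http://example.invalid/project.dtd">
<project><name>demo</name></project>"""

CLEAN = b"""<?xml version="1.0"?>
<project><name>demo</name></project>"""


def external_references(xml_bytes):
    """Return (kind, name, system_id) for every external reference declared.

    Nothing is fetched: expat only reports the declarations, and no
    ExternalEntityRefHandler is installed that could resolve them.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # A DOCTYPE with a SYSTEM or PUBLIC identifier points at an external DTD.
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry no literal value, only an identifier (the URI).
        if value is None and (system_id or public_id):
            kind = "parameter-entity" if is_param else "general-entity"
            findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # Malformed input is reported too; it should not be opened blindly.
        findings.append(("parse-error", str(exc), None))
    return findings
```

An empty result means the file declares no external DTD or external entity; any finding is a reason to treat the file as untrusted.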

The vulnerability received a score of 5.9/10 on the Common Vulnerability Scoring System (CVSS) scale and was reported by researcher Michael Heinzl to the Cybersecurity and Infrastructure Security Agency (CISA).

The flaw affects all versions of FPWIN Pro prior to v7.5.1.1.

Panasonic is already aware of the report and recommends users of affected deployments upgrade to FPWIN Pro v7.5.2.0 in order to mitigate the risk of exploitation. Supplemental information about this vulnerability is available on the company’s official platforms.

CISA also issued a number of recommendations to address the reported flaw:

  • Never click on web links or open unsolicited attachments received via email
  • Identify and prevent email scam campaigns, also known as phishing
  • Identify and prevent social engineering attacks and identity fraud

CISA recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability and to reduce the impact of any exploitation.

The post Panasonic FPWIN Pro PLC programming control software vulnerability affects various industrial devices appeared first on Information Security Newspaper | Hacking News.