CVE-2019-5074

Name of the Vulnerable Software and Affected Versions WAGO PFC200 Firmware versions 03.00.39(12) through 03.01.07(13) WAGO PFC100 Firmware version 03.00.39(12)

Description A stack buffer overflow issue exists in the iocheckd service 'I/O-Check' functionality. This can be triggered by a specially crafted set of packets, leading to code execution. An attacker can send unauthenticated packets to exploit this issue.

Recommendations For WAGO PFC200 Firmware versions 03.00.39(12) through 03.01.07(13), update to a version that fixes the iocheckd service 'I/O-Check' functionality issue. For WAGO PFC100 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service 'I/O-Check' functionality issue. As a temporary workaround, consider restricting access to the iocheckd service to minimize the risk of exploitation.