CVE-2019-5073

Name of the Vulnerable Software and Affected Versions WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12) WAGO PFC100 Firmware version 03.00.39(12)

Description An exploitable information exposure issue exists in the iocheckd service "I/O-Check" functionality. This issue can be triggered by a specially crafted set of packets, causing an external tool to fail and resulting in uninitialized stack data being copied to the response packet buffer. An attacker can send unauthenticated packets to exploit this issue.

Recommendations For WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), update to a fixed version to resolve the issue. For WAGO PFC100 Firmware version 03.00.39(12), update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the iocheckd service to minimize the risk of exploitation.