PT-2019-17456 · Wago · Wago Pfc 200+1

Published

2019-12-18

Updated

2021-07-21

CVE-2019-5074

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WAGO PFC200 Firmware versions 03.00.39(12) through 03.01.07(13) WAGO PFC100 Firmware version 03.00.39(12)

Description A stack buffer overflow issue exists in the iocheckd service 'I/O-Check' functionality. This can be triggered by a specially crafted set of packets, leading to code execution. An attacker can send unauthenticated packets to exploit this issue.

Recommendations For WAGO PFC200 Firmware versions 03.00.39(12) through 03.01.07(13), update to a version that fixes the iocheckd service 'I/O-Check' functionality issue. For WAGO PFC100 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service 'I/O-Check' functionality issue. As a temporary workaround, consider restricting access to the iocheckd service to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-5074

Affected Products

Wago Pfc100

Wago Pfc 200

PT-2019-17456 · Wago · Wago Pfc 200+1

CVE-2019-5074

Weakness Enumeration

Related Identifiers

Affected Products

References · 3