CVE-2019-5075

Name of the Vulnerable Software and Affected Versions WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12) WAGO PFC100 Firmware version 03.00.39(12)

Description A stack buffer overflow issue exists in the command line utility getcouplerdetails. This can be triggered by sending a specially crafted set of packets to the "I/O-Check" iocheckd service, causing a stack buffer overflow in the sub-process getcouplerdetails and potentially allowing code execution. An attacker can send unauthenticated packets to exploit this issue.

Recommendations For WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), consider disabling the getcouplerdetails utility until a patch is available. For WAGO PFC100 Firmware version 03.00.39(12), consider disabling the getcouplerdetails utility until a patch is available. Restrict access to the iocheckd service "I/O-Check" to minimize the risk of exploitation.