PT-2019-17459 · Wago · Wago Pfc 200+1

Published

2019-12-18

Updated

2020-02-10

CVE-2019-5077

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12) WAGO PFC 100 Firmware version 03.00.39(12)

Description A denial-of-service issue exists in the iocheckd service 'I/O-Chec' functionality. It can be triggered by a specially crafted set of packets, causing the device to enter an error state and cease all network communications. This can be done by sending unauthenticated packets.

Recommendations For WAGO PFC 200 Firmware version 03.01.07(13), update to a version that fixes this issue. For WAGO PFC 200 Firmware version 03.00.39(12), update to a version that fixes this issue. For WAGO PFC 100 Firmware version 03.00.39(12), update to a version that fixes this issue.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-5077

Affected Products

Wago Pfc100

Wago Pfc 200

PT-2019-17459 · Wago · Wago Pfc 200+1

CVE-2019-5077

Weakness Enumeration

Related Identifiers

Affected Products

References · 3