PT-2019-17461 · Wago · Wago Pfc 200+1
Published
2019-12-18
·
Updated
2019-12-27
·
CVE-2019-5079
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12)
WAGO PFC100 Firmware version 03.00.39(12)
Description
A heap buffer overflow issue exists in the iocheckd service "I/O-Check" functionality. This can be triggered by a specially crafted set of packets, potentially resulting in code execution. An attacker can send unauthenticated packets to exploit this issue.
Recommendations
For WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), update to a version that fixes the iocheckd service "I/O-Check" functionality issue.
For WAGO PFC100 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service "I/O-Check" functionality issue.
As a temporary workaround, consider restricting access to the iocheckd service to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wago Pfc100
Wago Pfc 200