CVE-2019-5080

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12) WAGO PFC100 Firmware version 03.00.39(12)

Description A denial-of-service issue exists in the iocheckd service, specifically in the "I/O-Check" functionality. This can be triggered by a single packet, causing a denial of service and weakening credentials, which results in the device applying default documented credentials. An attacker can exploit this by sending an unauthenticated packet.

Recommendations For WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), consider disabling the iocheckd service until a patch is available. For WAGO PFC100 Firmware version 03.00.39(12), consider disabling the iocheckd service until a patch is available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation.