PT-2019-17463 · Wago · Wago Pfc 200+1
Published
2019-12-18
·
Updated
2021-07-21
·
CVE-2019-5081
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12)
WAGO PFC100 Firmware version 03.00.39(12)
Description
A heap buffer overflow issue exists in the iocheckd service 'I/O-Chec' functionality. This can be triggered by a specially crafted set of packets, potentially resulting in code execution. An attacker can send unauthenticated packets to exploit this issue.
Recommendations
For WAGO PFC 200 Firmware version 03.01.07(13), update to a version that fixes the iocheckd service 'I/O-Chec' functionality issue.
For WAGO PFC 200 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service 'I/O-Chec' functionality issue.
For WAGO PFC100 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service 'I/O-Chec' functionality issue.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wago Pfc 200
Wago Pfc100