PT-2020-11063 · Wago · Wago Pfc 200+1
Kelly Leuschner
·
Published
2020-01-08
·
Updated
2020-01-22
·
CVE-2019-5082
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12)
WAGO PFC100 Firmware version 03.00.39(12)
Description
A heap buffer overflow issue exists in the iocheckd service I/O-Check functionality. This can be triggered by a specially crafted set of packets, potentially allowing code execution. The vulnerability can be exploited by sending unauthenticated packets.
Recommendations
For WAGO PFC200 Firmware version 03.01.07(13), update to a version that fixes the iocheckd service I/O-Check functionality issue.
For WAGO PFC200 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service I/O-Check functionality issue.
For WAGO PFC100 Firmware version 03.00.39(12), update to a version that fixes the iocheckd service I/O-Check functionality issue.
As a temporary workaround, consider restricting access to the iocheckd service to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wago Pfc100
Wago Pfc 200