PT-2020-11078 · Wago · Wago Pfc 200

Published

2020-03-10

Updated

2020-03-17

CVE-2019-5155

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WAGO PFC200 versions 03.00.39(12) through 03.02.02(14)

Description An exploitable command injection issue exists in the cloud connectivity feature. This allows an attacker to inject operating system commands into parameter values contained in the firmware update command.

Recommendations For version 03.00.39(12), update to a version later than 03.02.02(14) to resolve the issue. For version 03.01.07(13), update to a version later than 03.02.02(14) to resolve the issue. For version 03.02.02(14), update to a version later than 03.02.02(14) to resolve the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-5155

Affected Products

Wago Pfc 200

PT-2020-11078 · Wago · Wago Pfc 200

CVE-2019-5155

Weakness Enumeration

Related Identifiers

Affected Products

References · 4