CVE-2019-5169

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware version 03.02.02(14)

Description A command injection issue exists in the iocheckd service 'I/O-Check' function. This is due to the improper handling of a specially crafted XML cache file, which can be used to inject OS commands. An attacker can trigger the parsing of this cache file by sending a specially crafted packet. The extracted gateway value from the XML file is used as an argument to the command /etc/config-tools/config default gateway with parameters number=0, state=enabled, and value=<contents of gateway node>, using sprintf(). This command is later executed via a call to system().

Recommendations For WAGO PFC 200 Firmware version 03.02.02(14), consider disabling the 'I/O-Check' function in the iocheckd service until a patch is available. Restrict access to the XML cache file to minimize the risk of exploitation. Avoid using the gateway node in the XML file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.