CVE-2019-5173

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware version 03.02.02(14)

Description A command injection issue exists in the iocheckd service 'I/O-Check' function. This is due to the improper handling of a specially crafted XML cache file, which can be used to inject OS commands. An attacker can trigger the parsing of this cache file by sending a specially crafted packet. The extracted state value from the XML file is used as an argument to the /etc/config-tools/config interfaces interface, specifically interface=X1 state=<contents of state node>, using sprintf(). This command is later executed via a call to system().

Recommendations For WAGO PFC 200 Firmware version 03.02.02(14), consider disabling the 'I/O-Check' function in the iocheckd service until a patch is available. Restrict access to the /etc/config-tools/config interfaces interface to minimize the risk of exploitation. Avoid using the state node in the XML cache file until the issue is resolved.