CVE-2019-5174

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 version 03.02.02(14)

Description A command injection issue exists in the iocheckd service 'I/O-Check' function. This is due to the parsing of a specially crafted XML cache file, which can be used to inject OS commands. An attacker can trigger the parsing of this cache file by sending a specially crafted packet. The issue involves the use of the extracted subnetmask value from the XML file as an argument to the /etc/config-tools/config interfaces interface, specifically in the interface=X1 state=enabled subnet-mask=<contents of subnetmask node> command, using sprintf(). This command is later executed via a call to system().

Recommendations For WAGO PFC 200 version 03.02.02(14), consider disabling the 'I/O-Check' function in the iocheckd service until a patch is available to prevent potential command injection attacks. Restrict access to the XML cache file to minimize the risk of exploitation. Avoid using the subnetmask node in the XML file until the issue is resolved.