CVE-2019-5176

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware version 03.02.02(14)

Description A stack buffer overflow issue exists in the iocheckd service, specifically in the 'I/O-Check' functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The sprintf() function overflows the destination buffer sp+0x40 when the gateway value exceeds a certain length. A gateway value of length 0x7e2 can cause the service to crash.

Recommendations For WAGO PFC 200 Firmware version 03.02.02(14), consider restricting the length of gateway values to prevent the overflow, or avoid using the sprintf() function for gateway values until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.