CVE-2019-5177

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware version 03.02.02(14)

Description A stack buffer overflow issue exists in the iocheckd service, specifically in the 'I/O-Check' functionality. This occurs when the sprintf() function is called with a domainname value that exceeds a certain length, causing the destination buffer sp+0x440 to overflow. The service will crash if the domainname value is of length 0x3fa.

Recommendations For WAGO PFC 200 Firmware version 03.02.02(14), consider restricting the length of the domainname value to prevent the buffer overflow until a patch is available. As a temporary workaround, avoid using domainname values greater than 1024-len('/etc/config-tools/edit dns server domain-name=') in length to minimize the risk of exploitation.