CVE-2019-5178

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 Firmware version 03.02.02(14)

Description A stack buffer overflow issue exists in the iocheckd service's 'I/O-Check' functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The sprintf() function overflows the destination buffer sp+0x440 when handling hostname values greater than a specific length. A hostname value of length 0x3fd can cause the service to crash.

Recommendations For WAGO PFC 200 Firmware version 03.02.02(14), consider restricting the length of hostname values to prevent the overflow, or avoid using the sprintf() function for unvalidated input until a patch is available. As a temporary workaround, consider disabling the iocheckd service's 'I/O-Check' functionality to minimize the risk of exploitation.