CVE-2019-5185

Name of the Vulnerable Software and Affected Versions WAGO PFC 200 (affected versions not specified)

Description A stack buffer overflow issue exists in the iocheckd service, specifically in the "I/O-Check" functionality. This can be triggered by sending a specially crafted packet, causing the parsing of a cache file. The vulnerability involves the use of sprintf() to format a string with a state value extracted from an XML file, which can lead to a buffer overflow at sp+0x40. Later, strcpy() is used to copy the contents of this overflowed buffer into an adjacent buffer sp+0x440 on the stack, resulting in invalid memory access due to the lack of NULL termination. An attacker can exploit this by providing a state value of sufficient length, such as 0x3c9, to cause the service to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.