CVE-2019-5168

Published: Mar 10, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An exploitable command injection vulnerability exists in the iocheckd service "I/O-Check" function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file. At 0x1e8a8, the domainname value extracted from the XML file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node>, with the command string built using sprintf(). This command is later executed via a call to system().
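The mitigation for this pattern, as an added example that is not WAGO's code or the vendor's fix: validate the domainname value against hostname syntax and pass it to the tool as a single argv element through execv(), so no shell ever parses it. The function names and buffer sizes are assumptions; only the tool path and the `domain-name=` argument format come from the description above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define EDIT_DNS "/etc/config-tools/edit_dns_server" /* path quoted in the description */

/* Hostname syntax only: dot-separated labels of [A-Za-z0-9-], 1..63 chars, no edge hyphen, <= 253 total. */
int is_valid_domain_name(const char *s)
{
    size_t total = strlen(s), label = 0;
    if (total == 0 || total > 253) return 0;
    for (size_t i = 0; i < total; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c != '.' && c != '-' && !isalnum(c)) return 0; /* shell metacharacters, spaces, quotes */
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;   /* empty label or trailing hyphen */
            label = 0;
        } else {
            if (c == '-' && label == 0) return 0;          /* leading hyphen */
            if (++label > 63) return 0;
        }
    }
    return label > 0 && s[total - 1] != '-';
}

/* Build argv for execv(): the value travels as one argument and is never parsed by a shell. */
int build_dns_argv(const char *domain, char *arg, size_t arglen, char *argv[3])
{
    if (!is_valid_domain_name(domain)) return -1;
    int n = snprintf(arg, arglen, "domain-name=%s", domain);
    if (n < 0 || (size_t)n >= arglen) return -1;           /* reject truncation instead of running it */
    argv[0] = (char *)EDIT_DNS; argv[1] = arg; argv[2] = NULL;
    return 0;
}

/* Hypothetical replacement for the sprintf() + system() sequence: fork, then execv with fixed argv. */
int set_domain_name(const char *domain)
{
    char arg[300], *argv[3];
    int status;
    if (build_dns_argv(domain, arg, sizeof arg, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(argv[0], argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Validation and argv passing are independent controls: execv() alone removes the shell, while the syntax check keeps malformed values out of the DNS configuration itself.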

Vendor: Wago

Product: WAGO PFC200 Firmware

Versions: affected, version 03.02.02(14)
