CVE-2019-5171

Published: Mar 11, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().

Vendor	Product	Versions
Wago	WAGO PFC200	affected `Firmware version 03.02.02(14)`

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-5171

Description

Affected Products

References