Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTalosCVELIST:CVE-2019-5181
HistoryMar 11, 2020 - 11:31 p.m.

CVE-2019-5181

2020-03-1123:31:09
talos
www.cve.org

0.001 Low

EPSS

Percentile

22.9%

JSON

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.

CNA Affected

[
  {
    "product": "WAGO PFC200",
    "vendor": "Wago",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware version 03.02.02(14)"
      }
    ]
  }
]

Related

nvd 1
nessus 1
cve 1
prion 1
talos 1
nvd
nvd
CVE-2019-5181
2020-03-12 00:15:18
nessus
nessus
Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5181)
2023-02-14 00:00:00
cve
cve
CVE-2019-5181
2020-03-12 00:15:18
prion
prion
Stack overflow
2020-03-12 00:15:00
talos
talos
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities
2020-03-09 00:00:00

0.001 Low

EPSS

Percentile

22.9%

JSON
Related for CVELIST:CVE-2019-5181
nvd1nessus1cve1prion1talos1