3 matches found
Wago PFC200 Cloud Connectivity TimeoutPrepared Command Injection (CVE-2019-5156)
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. This...
CVE-2019-5156
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command...
CVE-2019-5156
CVE-2019-5156 affects WAGO PFC200 controllers (firmware v03.02.02(14), v03.01.07(13), v03.00.39(12)) in the Cloud Connectivity service. The vulnerability stems from passing a user-supplied value from the Firmware Update command’s TimeoutPrepared parameter into a shell command via “settimeout -c …...