3 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5167)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 version 03.02.0214. At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/editdnsserver %s dns-server-nr=%d dns- server-name= using...
CVE-2019-5167
CVE-2019-5167 affects WAGO PFC200 controllers with the iocheckd service “I/O-Check.” The TALOS report details a command-injection path in the iocheckd cache parsing: a DNS/XML cache entry is read, assembled via sprintf into a command such as /etc/config-tools/edit_dns_server …, and then executed ...
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the iocheckd service “I/O-Check” function of the WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to...