3 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5168)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 version 03.02.0214. An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to...
CVE-2019-5168
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.0214. An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to...
CVE-2019-5168
The CVE-2019-5168 issue affects WAGO PFC200 controllers (iocheckd “I/O-Check”) where parsing of iocheckCache.xml can inject OS commands. Specifically, the vulnerability arises when values from XML nodes (e.g., domain-name, dns, hostname, ip, gateway, etc.) are fed into sprintf() to build commands...