3 matches found
CVE-2019-5169
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5169)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5169
CVE-2019-5169 affects WAGO PFC200 with firmware 03.02.02(14). The iocheckd “I/O-Check” service parses a writable XML cache (example path: /tmp/iocheckCache.xml) and builds commands via sprintf() using values like gateway, hostname, ip, dns, domain, etc. These commands are then executed by system(...