2 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5170)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5170
CVE-2019-5170 (WAGO PFC200) affects the iocheckd “I/O-Check” caching component. The vulnerability arises while parsing a crafted XML cache file (iocheckCache.xml) placed in a writable location (notably /tmp). For the hostname node, the code uses its content in a call to sprintf to build a command...