3 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5171)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to...
CVE-2019-5171
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to...
CVE-2019-5171
The CVE-2019-5171 family targets WAGO PFC200 controllers, exploiting the iocheckd (I/O-Check) cache mechanism. Talos 2019-0962 documents that the iocheckCache.xml cache file (world-writable) is parsed during which multiple nodes (notably hostname and ip under /tmp/iocheckCache.xml) are used to bu...