3 matches found
CVE-2019-5172
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is us...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5172)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is use...
CVE-2019-5172
Summary: CVE-2019-5172 affects the WAGO PFC200, firmware 03.02.02(14). The iocheckd service reads a cache XML (iocheckCache.xml) from a writable location (e.g., /tmp) and, during parsing, uses values by string formatting to build OS commands which are then executed via system(). This enables mult...