3 matches found
CVE-2019-5173
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5173)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5173
CVE-2019-5173 affects WAGO PFC200 with the iocheckd service “I/O-Check”. A specially crafted XML cache file parsed by iocheckd (cache at /tmp/iocheckCache.xml) can inject OS commands, which are constructed via sprintf() from XML node contents and executed through system(). The TALOS report detail...