2 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5174)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted...
CVE-2019-5174
Summary: CVE-2019-5174 affects the WAGO PFC200 controller (firmware 03.02.02(14)) via multiple command-injection paths in the iocheckd “I/O-Check” cache parser. The vulnerability stems from parsing a file-backed XML cache (e.g., /tmp/iocheckCache.xml) and using unsafely constructed strings with s...