3 matches found
CVE-2019-5175
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5175)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5175
WAGO PFC200 iocheckd vulnerability (CVE-2019-5175) affects the iocheckd (I/O-Check) service. The issue arises from parsing a crafted XML cache file stored at /tmp/iocheckCache.xml, where user-controlled values are fed into /etc/config-tools commands via sprintf() and later executed with system(),...