Stack overflow

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...

Command injection

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

Command injection

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to...

ABB Asset Suite

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Asset Suite Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to...

Rockwell Automation Allen-Bradley Stratix 5950

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix 5950 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write a...

CVE-2019-5181

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in co...

CVE-2019-5180

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...

CVE-2019-5178

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...

CVE-2019-5177

CVE-2019-5177 affects the WAGO PFC200 controller’s iocheckd service (I/O-Check) on firmware 03.02.02(14). The vulnerability is a stack buffer overflow in the iocheckd cache parsing when processing XML cache data; the destination buffer sp+0x440 can be overflowed via sprintf() with domainname valu...

CVE-2019-5170

CVE-2019-5170 (WAGO PFC200) affects the iocheckd “I/O-Check” caching component. The vulnerability arises while parsing a crafted XML cache file (iocheckCache.xml) placed in a writable location (notably /tmp). For the hostname node, the code uses its content in a call to sprintf to build a command...

CVE-2019-5169

CVE-2019-5169 affects WAGO PFC200 with firmware 03.02.02(14). The iocheckd “I/O-Check” service parses a writable XML cache (example path: /tmp/iocheckCache.xml) and builds commands via sprintf() using values like gateway, hostname, ip, dns, domain, etc. These commands are then executed by system(...

Command injection

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted...

Command injection

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

Stack overflow

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is...

CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

CVE-2019-5134

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...

CVE-2019-5156

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command...

CVE-2019-5157

An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command...

Design/Logic Flaw

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware versio...

Command injection

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.0214, version...