4 matches found
Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5176)
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is...
Wago PFC200 iocheckd service 'I/O-Check' cache Command Injection (CVE-2019-5175)
An exploitable command injection vulnerability exists in the iocheckd service I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Command injection
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5149
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...