15 matches found
CVE-2019-5172
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is us...
CVE-2019-5179
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...
Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5181)
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in cod...
Wago PFC200 iocheckd service 'I/O-Check' cache Code Execution (CVE-2019-5178)
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. The destination buffer sp+0x440 is overflowed with the call to sprintf for any domainname values that are greater than...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...
CVE-2019-5181
CVE-2019-5181 affects WAGO PFC200 with the iocheckd service “I/O-Check.” A crafted cache file at /tmp/iocheckCache.xml is parsed by iocheckd, triggering stack-based buffer overflows via sscanf/sprintf usage in multiple config nodes (e.g., hostname, subnetmask, gateway, etc.). The root cause is un...
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
CVE-2019-5176
CVE-2019-5176 affects WAGO PFC200, specifically the iocheckd service (I/O-Check) firmware 03.02.02(14). The issue is a stack buffer overflow when parsing a cache file (iocheckCache.xml) used by the iocheckd configuration protocol. Attackers can craft an XML cache file or gateway/hostname/domainna...
CVE-2019-5171
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to...
CVE-2019-5170
CVE-2019-5170 (WAGO PFC200) affects the iocheckd “I/O-Check” caching component. The vulnerability arises while parsing a crafted XML cache file (iocheckCache.xml) placed in a writable location (notably /tmp). For the hostname node, the code uses its content in a call to sprintf to build a command...
CVE-2019-5172
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is us...
CVE-2019-5173
CVE-2019-5173 affects WAGO PFC200 with the iocheckd service “I/O-Check”. A specially crafted XML cache file parsed by iocheckd (cache at /tmp/iocheckCache.xml) can inject OS commands, which are constructed via sprintf() from XML node contents and executed through system(). The TALOS report detail...
CVE-2019-5182
Affected software: WAGO PFC200 with iocheckd service “I/O-Check”. Vulnerability: stack-based buffer overflow in parsing the XML cache file used by iocheckCache.xml, triggered by crafted cache content (e.g., settings affecting hostname/name, etc.). Root cause: overlong input copied into a 1024-byt...