5905 matches found
CVE-2019-5180
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in co...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. The destination buffer sp+0x440 is overflowed with the call to sprintf for any domainname values that are greater than...
Stack overflow
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
WAGO PFC200 Stack Buffer Overflow Vulnerability (CNVD-2020-16854)
The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. A stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker could exploit this vulnerability via a specially crafted XML cache file to achieve code...
Debian DLA-2137-1 : sleuthkit security update
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c. For Debian 8 'Jessie', this problem has been fixed in version 4.1.3-4+deb8u2. We recommend that you upgrade your sleuthkit...
CVE-2019-5181
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in co...
CVE-2019-5181
CVE-2019-5181 affects WAGO PFC200 with the iocheckd service “I/O-Check.” A crafted cache file at /tmp/iocheckCache.xml is parsed by iocheckd, triggering stack-based buffer overflows via sscanf/sprintf usage in multiple config nodes (e.g., hostname, subnetmask, gateway, etc.). The root cause is un...
CVE-2019-5180
CVE-2019-5180 affects WAGO PFC200 via the iocheckd service (I/O-Check). Talos details show a stack-based buffer overflow while parsing the XML cache file (/tmp/iocheckCache.xml) used by iocheckd, with multiple vulnerable parameters (e.g., hostname, ip, gateway, domainname, ntp, subnet-mask, etc.)...
CVE-2019-5180
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
CVE-2019-5179
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...
CVE-2019-5179
The CVE-2019-5179 entry concerns the WAGO PFC200 controller with firmware 03.02.02(14). The iocheckd service’s I/O-Check cache parsing (via the file /tmp/iocheckCache.xml) is vulnerable to a stack-based overflow triggered by crafted XML content, enabling code execution. Talos documents multiple c...
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
CVE-2019-5178
CVE-2019-5178 affects WAGO PFC200 controllers (iocheckd) with a stack buffer overflow in the I/O-Check cache parsing workflow. The iocheckCache.xml hostname parameter can overflow a 1024-byte destination buffer via sprintf(), when hostname length exceeds a threshold (example provided 0x3fd). The ...
CVE-2019-5177
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. The destination buffer sp+0x440 is overflowed with the call to sprintf for any domainname values that are greater than...
CVE-2019-5176
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is...
CVE-2019-5176
CVE-2019-5176 affects WAGO PFC200, specifically the iocheckd service (I/O-Check) firmware 03.02.02(14). The issue is a stack buffer overflow when parsing a cache file (iocheckCache.xml) used by the iocheckd configuration protocol. Attackers can craft an XML cache file or gateway/hostname/domainna...