Pfc200 Firmware Security Vulnerabilities and Issues — Pfc200 Firmware CVE List

Lucene search

WagoPfc200 Firmware

21 matches found

CVE•added 2020/03/12 12:15 a.m.•121 views

CVE-2019-5170

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially c...

7.8CVSS7.6AI score0.0035EPSS

CVE•added 2020/03/11 11:15 p.m.•109 views

CVE-2019-5175

7.8CVSS7.6AI score0.0035EPSS

CVE•added 2020/03/11 10:27 p.m.•102 views

CVE-2019-5167

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sp...

7.8CVSS7.6AI score0.00578EPSS

CVE•added 2020/03/12 12:15 a.m.•99 views

CVE-2019-5169

7.8CVSS7.6AI score0.00314EPSS

CVE•added 2020/03/12 12:15 a.m.•96 views

CVE-2019-5178

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is over...

7.8CVSS7.6AI score0.00066EPSS

CVE•added 2020/03/12 12:15 a.m.•95 views

CVE-2019-5171

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config...

7.8CVSS7.7AI score0.00228EPSS

CVE•added 2020/03/12 12:15 a.m.•95 views

CVE-2019-5180

7.8CVSS7.6AI score0.00066EPSS

CVE•added 2020/03/12 12:15 a.m.•95 views

CVE-2019-5181

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in co...

7.8CVSS7.8AI score0.00066EPSS

CVE•added 2020/03/11 11:15 p.m.•94 views

CVE-2019-5174

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted pa...

7.8CVSS7.6AI score0.0035EPSS

CVE•added 2020/03/12 12:15 a.m.•92 views

CVE-2019-5179

7.8CVSS7.6AI score0.00066EPSS

CVE•added 2020/03/11 11:15 p.m.•86 views

CVE-2019-5172

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is us...

7.8CVSS7.6AI score0.00269EPSS

CVE•added 2020/03/11 10:27 p.m.•81 views

CVE-2019-5134

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression...

7.5CVSS7.4AI score0.00284EPSS

CVE•added 2020/03/11 10:27 p.m.•81 views

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. ...

7.5CVSS7.3AI score0.00436EPSS

CVE•added 2020/03/11 11:15 p.m.•81 views

CVE-2019-5173

7.8CVSS7.6AI score0.0035EPSS

CVE•added 2020/03/11 10:27 p.m.•68 views

CVE-2019-5168

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tool...

7.8CVSS7.7AI score0.00469EPSS

CVE•added 2020/03/11 10:27 p.m.•67 views

CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

7.8CVSS7.8AI score0.00053EPSS

CVE•added 2020/03/11 10:27 p.m.•64 views

CVE-2019-5156

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.

7.2CVSS7.2AI score0.02855EPSS

CVE•added 2020/03/11 10:27 p.m.•64 views

CVE-2019-5157

An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.

7.2CVSS7.2AI score0.02855EPSS

CVE•added 2020/03/23 2:15 p.m.•47 views

CVE-2019-5186

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is u...

7CVSS6.9AI score0.00053EPSS

CVE•added 2020/03/23 2:15 p.m.•46 views

CVE-2019-5185

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an ...

7CVSS6.9AI score0.00053EPSS

CVE•added 2020/03/23 2:15 p.m.•45 views

CVE-2019-5184

An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execut...

7.8CVSS7.6AI score0.00054EPSS