Denial-of-Service Vulnerability in WAGO PFC 200 and PFC 100 Firmware
CVE-2019-5077
9.1 CRITICAL
Summary
An exploitable denial-of-service vulnerability exists in the I/O-Check functionality of the iocheckd service in WAGO PFC 200 and PFC 100 firmware. A specially crafted sequence of packets can cause the device to enter an error state in which it ceases all network communications, which can significantly disrupt operations. An attacker can trigger this vulnerability by sending unauthenticated packets to the targeted device.
Affected Version(s)
WAGO PFC100 Firmware version 03.00.39(12)
WAGO PFC200 Firmware version 03.01.07(13)
WAGO PFC200 Firmware version 03.00.39(12)
References
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved