Heap Buffer Overflow in WAGO PFC200 and PFC100 Firmware
CVE-2019-5082
9.8 CRITICAL
Summary
A heap buffer overflow vulnerability exists in the iocheckd service of WAGO PFC200 and PFC100 firmware. An attacker can trigger it by sending specially crafted packets, potentially leading to unauthorized code execution. The affected versions are WAGO PFC200 Firmware 03.01.07(13), WAGO PFC200 Firmware 03.00.39(12), and WAGO PFC100 Firmware 03.00.39(12). The risk is significant because the packets that trigger the overflow do not need to be authenticated.
Affected Version(s)
WAGO PFC100 Firmware version 03.00.39(12)
WAGO PFC200 Firmware version 03.01.07(13)
WAGO PFC200 Firmware version 03.00.39(12)
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved