Command Injection Vulnerability in WAGO PFC 200 Firmware
CVE-2019-5170

7.8HIGH

Key Information:

Vendor: Wago
Status: Wago Pfc200
Vendor: CVE Published:; 12 March 2020

What is CVE-2019-5170?

A command injection vulnerability exists in the iocheckd service within the WAGO PFC 200 Firmware, specifically in the function responsible for handling the 'I/O-Check' feature. This vulnerability allows an attacker to exploit a specially crafted XML cache file, which can be placed in a targeted location on the device. When the device parses this malicious file, it takes the extracted hostname and uses it in a system command. This command execution can lead to unauthorized control over the operating system, enabling attackers to perform operations with elevated privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WAGO PFC200 Firmware version 03.02.02(14)

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Jan 4, 2019

JSON

Wago

What is CVE-2019-5170?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.