Buffer Overflow Vulnerability in WAGO PFC 200 Firmware
CVE-2019-5177
5.5 MEDIUM
Summary
A buffer overflow vulnerability exists in the I/O-Check service of the WAGO PFC 200 firmware. When a domain name value exceeds a certain length, a call to sprintf() overflows a buffer on the stack. The overflow can lead to instability, causing the service to crash. The vulnerability poses a significant risk to systems running the affected firmware and requires immediate attention to prevent potential exploitation.
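The unbounded sprintf() pattern described in the summary, next to a bounded alternative, as an added example (not WAGO's code and not code from this advisory). The format string, `CMD_BUF_LEN` and the function names are assumptions, since the page gives neither the real format string nor the buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_FMT        "domain-name=%s" /* assumed format, not from the page */
#define CMD_BUF_LEN    128              /* assumed size, not from the page */
#define MAX_DOMAIN_LEN 253              /* DNS name limit in text form */
#define MAX_LABEL_LEN  63               /* DNS label limit */

/* Vulnerable shape, for contrast only:
 *     char cmd[CMD_BUF_LEN];
 *     sprintf(cmd, CMD_FMT, domain);   // no bound: long input overruns cmd
 */

/* Returns 1 only for a non-empty name of letters, digits, '-' and '.'
 * that respects the DNS length limits (a trailing dot is rejected). */
int domain_is_valid(const char *s) {
    size_t total = 0, label = 0;
    for (; s[total] != '\0'; total++) {
        unsigned char c = (unsigned char)s[total];
        if (total >= MAX_DOMAIN_LEN) return 0;      /* name too long */
        if (c == '.') {
            if (label == 0) return 0;               /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > MAX_LABEL_LEN) return 0;  /* label too long */
        } else {
            return 0;                               /* unexpected character */
        }
    }
    return label > 0;
}

/* Bounded build: validate first, then let snprintf() enforce the buffer
 * size and treat truncation as an error instead of using a cut string.
 * Returns the length written, or -1 with out set to "". */
int build_cmd(char *out, size_t out_len, const char *domain) {
    int n = domain_is_valid(domain) ? snprintf(out, out_len, CMD_FMT, domain) : -1;
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0) out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void) {
    char cmd[CMD_BUF_LEN], big[301];
    memset(big, 'a', 300); big[300] = '\0';         /* constructed oversized input */
    printf("normal: %d\n", build_cmd(cmd, sizeof cmd, "plc.example.com"));
    printf("oversized: %d\n", build_cmd(cmd, sizeof cmd, big));
    return 0;
}
```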
Affected Version(s)
WAGO PFC200 Firmware version 03.02.02(14)
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved