CVE-2019-5080

CWE-306Missing Authentication3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.4%
top 38.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wago PFC 100 FirmwareWago PFC 200 Firmware
Timeline
PublishedDec 18
Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

NVDwago/pfc_100_firmware03.00.39\(12\)
NVDwago/pfc_200_firmware03.00.39\(12\), 03.01.07\(13\)+1
CVEListV5wago_pfc100Firmware version 03.00.39(12)
CVEListV5wago_pfc200Firmware version 03.00.39(12), Firmware version 03.01.07(13)+1

🔴Vulnerability Details

2
GHSA
GHSA-753h-jhp3-85mr: An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 032022-05-24
CVEList
CVE-2019-5080: An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 032019-12-18