CVE-2019-5161
Severity
9.1 CRITICAL
EPSS
4.9%
top 10.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 11
Latest update: May 24
Description
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0
Affected Packages: 2 packages
CVEListV5: wago/wago_pfc200_firmware, version 03.00.39(12), version 03.01.07(13), version 03.02.02(14) +2
Vulnerability Details: 2
GHSA
GHSA-9x65-cc3m-jr94: An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03 (2022-05-24)
CVEList
CVE-2019-5161: An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03 (2020-03-10)