CVE-2019-5161
published 2020-03-11CVE-2019-5161: An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and…
critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | pfc200_firmware | — | — |
| wago | pfc200_firmware | — | — |
| wago | pfc200_firmware | — | — |
| wago | wago_pfc200_firmware | — | — |
| wago | wago_pfc200_firmware | — | — |
| wago | wago_pfc200_firmware | — | — |