CVE-2019-5166

CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Wago Pfc200 Firmware Wago Pfc200 Firmware

Timeline

PublishedMar 11

Latest updateMay 24

Description

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDwago/pfc200_firmware03.02.02\(14\)

▶CVEListV5wago/wago_pfc200_firmwareversion 03.02.02(14)

🔴Vulnerability Details

GHSA

GHSA-w4qg-v526-9gvf: An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03↗2022-05-24

▶

CVEList

CVE-2019-5166: An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03↗2020-03-10

▶