CVE-2019-5166
published 2020-03-11CVE-2019-5166: An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | pfc200_firmware | — | — |
| wago | wago_pfc200_firmware | — | — |