CVE-2019-5177 — Out-of-bounds Write in Pfc200

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 63.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Pfc200 Wago Pfc200 Firmware

Timeline

PublishedMar 12

Latest updateMay 24

Description

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in length. A domainname value of length 0x3fa will cause the service to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDwago/pfc200_firmware03.02.02\(14\)

▶CVEListV5wago/wago_pfc200Firmware version 03.02.02(14)

🔴Vulnerability Details

GHSA

GHSA-7rwr-c2gp-x6p4: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware ver↗2022-05-24

▶

CVEList

CVE-2019-5177: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware ver↗2020-03-11

▶