CVE-2019-5179

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Wago Pfc200 Wago Pfc200 Firmware

Timeline

PublishedMar 12

Latest updateMay 24

Description

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDwago/pfc200_firmware03.02.02\(14\)

▶CVEListV5wago/wago_pfc200Firmware version 03.02.02(14)

🔴Vulnerability Details

GHSA

GHSA-83x4-5j8r-jg4m: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware ver↗2022-05-24

▶

CVEList

CVE-2019-5179: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware ver↗2020-03-11

▶