Wago Pfc200 Firmware vulnerabilities

CVE-2019-5177 [MEDIUM] CWE-787 CVE-2019-5177: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in l

CVE-2019-5160 [CRITICAL] CVE-2019-5160: An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker ca

CVE-2019-5161 [CRITICAL] CWE-345 CVE-2019-5161: An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.

CVE-2019-5134 [HIGH] CVE-2019-5134: An exploitable regular expression without anchors vulnerability exists in the Web-Based Management ( An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.

CVE-2019-5167 [HIGH] CWE-78 CVE-2019-5167: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sprintf(). This command is later executed via a call to sys

CVE-2019-5175 [HIGH] CWE-78 CVE-2019-5175: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.A

CVE-2019-5168 [HIGH] CWE-78 CVE-2019-5168: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name= using sprintf().This comma

CVE-2019-5166 [HIGH] CWE-787 CVE-2019-5166: An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functi An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the pa

CVE-2019-5157 [HIGH] CWE-78 CVE-2019-5157: An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAG An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.

CVE-2019-5156 [HIGH] CWE-78 CVE-2019-5156: An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAG An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.

CVE-2019-5174 [HIGH] CWE-78 CVE-2019-5174: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc

CVE-2019-5155 [HIGH] CWE-78 CVE-2019-5155: An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC2 An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)

CVE-2019-5173 [HIGH] CWE-78 CVE-2019-5173: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5172 [HIGH] CWE-78 CVE-2019-5172: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-s

CVE-2019-5149 [HIGH] CWE-400 CVE-2019-5149: The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears

CVE-2019-5182 [MEDIUM] CWE-787 CVE-2019-5182: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values t

CVE-2019-5135 [MEDIUM] CWE-327 CVE-2019-5135: An exploitable timing discrepancy vulnerability exists in the authentication functionality of the We An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and ver

CVE-2019-5082 [CRITICAL] CWE-787 CVE-2019-5082: An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functiona An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution.

CVE-2018-5459 [CRITICAL] CWE-287 CVE-2018-5459: An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2. An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as read