Wago Pfc200 vulnerabilities

13 known vulnerabilities affecting wago/wago_pfc200.

Total CVEs

13

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH10MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2019-5169HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5169 [HIGH] CWE-78 CVE-2019-5169: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5180HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5180 [HIGH] CWE-787 CVE-2019-5180: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that

CVE-2019-5181HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5181 [HIGH] CWE-787 CVE-2019-5181: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted p

CVE-2019-5179HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5179 [HIGH] CWE-787 CVE-2019-5179: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5171HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5171 [HIGH] CWE-78 CVE-2019-5171: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-ad

CVE-2019-5178HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5178 [HIGH] CWE-787 CVE-2019-5178: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname value

CVE-2019-5170HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5170 [HIGH] CWE-78 CVE-2019-5170: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.A

CVE-2019-5176MEDIUMCVSS 5.5vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5176 [MEDIUM] CWE-787 CVE-2019-5176: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values

CVE-2019-5177MEDIUMCVSS 5.5vFirmware version 03.02.02(14)2020-03-12

CVE-2019-5177 [MEDIUM] CWE-787 CVE-2019-5177: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in l

CVE-2019-5172HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-11

CVE-2019-5172 [HIGH] CWE-78 CVE-2019-5172: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-s

CVE-2019-5173HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-11

CVE-2019-5173 [HIGH] CWE-78 CVE-2019-5173: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

CVE-2019-5175HIGHCVSS 7.8vFirmware version 03.02.02(14)2020-03-11

CVE-2019-5175 [HIGH] CWE-78 CVE-2019-5175: An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function o An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.A

CVE-2019-5182MEDIUMCVSS 5.5vFirmware version 03.02.02(14)2020-03-11

CVE-2019-5182 [MEDIUM] CWE-787 CVE-2019-5182: An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values t