CVE-2019-5171
Last modified
CVE-2019-5171 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wago | Pfc200 Firmware | 03.02.02\(14\) |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962Exploit, Technical Description, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-5171?
How severe is CVE-2019-5171?
How do I fix CVE-2019-5171?
Are you affected by CVE-2019-5171?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST