CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5081

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile34.13th
PublishedDec 18, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

Affected Platforms (CPE)

๐Ÿ’ป
Wago

Pfc 200 Firmware

= 03.00.39\(12\)
๐Ÿ’ป
Wago

Pfc 200 Firmware

= 03.01.07\(13\)
๐Ÿ’ป
Wago

Pfc 100 Firmware

= 03.00.39\(12\)

References & Advisories

๐Ÿ”— https://talosintelligence.com/vulnerability_reports/TALOS-2019-0873
๐Ÿ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0874
๐Ÿ”— https://talosintelligence.com/vulnerability_reports/TALOS-2019-0873
๐Ÿ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0874

Related Vulnerabilities

CVE-2020-1252210.0

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets ...

CVE-2019-50779.1

An exploitable denial-of-service vulnerability exists in the iocheckd service โ€˜โ€™I/O-Checโ€™โ€™ functionality of WAGO PFC 200 Firmware ...

CVE-2019-50809.1

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware v...

CVE-2019-51737.8

An exploitable command injection vulnerability exists in the iocheckd service โ€˜I/O-Checkโ€™ function of the WAGO PFC 200 Firmware ve...