First published: Wed Dec 18 2019
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC 200 Firmware | =03.01.07(13) | |
WAGO PFC 200 | | |
WAGO PFC 100 Firmware | =03.00.39(12) | |
WAGO PFC 100 | | |
CVE-2019-5074 is an exploitable stack buffer overflow vulnerability in the iocheckd service I/O-Check function of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
CVE-2019-5074 has a severity rating of 9.8 (critical).
CVE-2019-5074 affects WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).
CVE-2019-5074 allows attackers to cause a stack buffer overflow by sending specially crafted packets to the iocheckd service, potentially leading to arbitrary code execution.
At the moment, there is no official fix available for CVE-2019-5074. It is recommended to contact the vendor for mitigation strategies and updates.