First published: Wed Dec 18 2019
An exploitable denial-of-service vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC 200 Firmware | =03.00.39(12) | |
WAGO PFC 200 Firmware | =03.01.07(13) | |
WAGO PFC 200 | | |
WAGO PFC 100 Firmware | =03.00.39(12) | |
WAGO PFC 100 | | |
The vulnerability ID for this issue is CVE-2019-5077.
The severity of CVE-2019-5077 is critical with a CVSS score of 9.1.
WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12) are affected by CVE-2019-5077.
CVE-2019-5077 can be exploited by sending a specially crafted set of packets to the iocheckd service 'I/O-Check' function of the affected WAGO PFC devices.
At this time, no fix is available for CVE-2019-5077. It is recommended to follow the suggestions provided by the vendor or security researchers.