First published: Wed Dec 18 2019(Updated: )
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC 200 Firmware | =03.00.39\(12\) | |
WAGO PFC 200 Firmware | =03.01.07\(13\) | |
WAGO PFC 200 | ||
WAGO PFC 100 Firmware | =03.00.39\(12\) | |
WAGO PFC 100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-5079.
The severity of CVE-2019-5079 is critical with a score of 9.8.
WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12) are affected by CVE-2019-5079.
CVE-2019-5079 is a heap buffer overflow vulnerability.
CVE-2019-5079 can be exploited by sending a specially crafted set of packets to trigger a heap buffer overflow.