First published: Wed Dec 18 2019(Updated: )
An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC 200 Firmware | =03.00.39\(12\) | |
WAGO PFC 200 Firmware | =03.01.07\(13\) | |
WAGO PFC 200 | ||
WAGO PFC 100 Firmware | =03.00.39\(12\) | |
WAGO PFC 100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-5081.
The affected software includes WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12).
The severity of CVE-2019-5081 is critical with a score of 9.8.
An attacker can exploit this vulnerability by sending a specially crafted set of packets that can cause a heap buffer overflow.
Yes, you can find more information about this vulnerability at the following links: [Link 1](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0873), [Link 2](https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0874).