CVE-2019-5157: OS Command Injection
First published: Tue Mar 10 2020(Updated: )
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC200 Firmware | =03.00.39\(12\) | |
| WAGO PFC200 Firmware | =03.01.07\(13\) | |
| WAGO PFC200 Firmware | =03.02.02\(14\) | |
| WAGO PFC200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-5157?
CVE-2019-5157 is a command injection vulnerability in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12).
How severe is CVE-2019-5157?
CVE-2019-5157 has a severity rating of 7.2 (High).
How can an attacker exploit CVE-2019-5157?
An attacker can inject OS commands into the TimeoutUnconfirmed parameter value in the Firmware Update command.
Which versions of WAGO PFC200 Firmware are affected by CVE-2019-5157?
WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12) are affected by CVE-2019-5157.
Is WAGO PFC200 itself vulnerable to CVE-2019-5157?
No, WAGO PFC200 itself is not vulnerable to CVE-2019-5157.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/wago
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/03.00.39\(12\)
- version/wago pfc200 firmware/03.01.07\(13\)
- version/wago pfc200 firmware/03.02.02\(14\)
- canonical/wago pfc200