CVE-2019-5170: OS Command Injection
First published: Thu Mar 12 2020(Updated: )
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system().
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC200 Firmware | =03.02.02\(14\) | |
| WAGO PFC200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-5170?
CVE-2019-5170 is a command injection vulnerability in the iocheckd service 'I/O-Check' function of the WAGO PFC 200 Firmware version 03.02.02(14).
What is the severity of CVE-2019-5170?
CVE-2019-5170 has a severity score of 7.8 (high).
How does CVE-2019-5170 work?
CVE-2019-5170 can be exploited by sending a specially crafted XML cache file to a specific location on the device, allowing the attacker to inject OS commands.
How can I fix CVE-2019-5170?
To fix CVE-2019-5170, users should update their WAGO PFC 200 Firmware to a version that is not affected by this vulnerability.
Where can I find more information about CVE-2019-5170?
More information about CVE-2019-5170 can be found at the following reference: [https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962]
- collector/nvd-index
- vendor/wago
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/03.02.02\(14\)
- canonical/wago pfc200