CVE-2019-5178: Buffer Overflow
First published: Thu Mar 12 2020(Updated: )
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=‘) in length. A hostname value of length 0x3fd will cause the service to crash.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WAGO PFC200 Firmware | =03.02.02\(14\) | |
| WAGO PFC200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-5178.
What is the severity of CVE-2019-5178?
The severity of CVE-2019-5178 is high with a severity value of 7.8.
Which software is affected by CVE-2019-5178?
The WAGO PFC 200 Firmware version 03.02.02(14) is affected by CVE-2019-5178.
How can an attacker exploit CVE-2019-5178?
An attacker can exploit CVE-2019-5178 by sending a specially crafted packet to trigger the parsing of a cache file.
Is WAGO PFC200 vulnerable to CVE-2019-5178?
No, WAGO PFC200 is not vulnerable to CVE-2019-5178.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/wago
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/03.02.02\(14\)
- canonical/wago pfc200