What is CVE-2019-5181?

CVE-2019-5181 is a stack buffer overflow vulnerability in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14).

How severe is CVE-2019-5181?

CVE-2019-5181 has a severity score of 7.8, which is considered high.

How does CVE-2019-5181 occur?

CVE-2019-5181 occurs when a specially crafted XML cache file is written to a specific location on the device, causing a stack buffer overflow.

What is the affected software of CVE-2019-5181?

The affected software is WAGO PFC 200 Firmware version 03.02.02(14).

How can CVE-2019-5181 be fixed?

To fix CVE-2019-5181, users should update to a patched version of WAGO PFC 200 Firmware.

Vulnerability/
CVE-2019-5181

high

7.8

CWE

787 119

12/3/2020

17/3/2020

CVE-2019-5181: Buffer Overflow

First published: Thu Mar 12 2020(Updated: )

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
WAGO PFC200 Firmware	=03.02.02\(14\)
WAGO PFC200

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963

Frequently Asked Questions

What is CVE-2019-5181?
CVE-2019-5181 is a stack buffer overflow vulnerability in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.02.02(14).
How severe is CVE-2019-5181?
CVE-2019-5181 has a severity score of 7.8, which is considered high.
How does CVE-2019-5181 occur?
CVE-2019-5181 occurs when a specially crafted XML cache file is written to a specific location on the device, causing a stack buffer overflow.
What is the affected software of CVE-2019-5181?
The affected software is WAGO PFC 200 Firmware version 03.02.02(14).
How can CVE-2019-5181 be fixed?
To fix CVE-2019-5181, users should update to a patched version of WAGO PFC 200 Firmware.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/tags
agent/description
agent/type
agent/event
vendor/wago
canonical/wago pfc200 firmware
version/wago pfc200 firmware/03.02.02\(14\)
canonical/wago pfc200

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.