Vulnerabilities > CVE-2019-5176 - Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

wago

CWE-787

NVD

Published: 2020-03-12

Updated: 2020-03-17

Summary

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.

Vulnerable Configurations

Part	Description	Count
OS	Wago Wago Pfc200 Firmware 03.02.02\(14\)	1
Hardware	Wago Wago Pfc200 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0963
last seen	2020-03-18
published	2020-03-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0963
title	WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963