Vulnerabilities > CVE-2019-5180 - Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

wago

CWE-787

NVD

Published: 2020-03-12

Updated: 2020-03-17

Summary

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=‘) in length. A ip value of length 0x3da will cause the service to crash.

Vulnerable Configurations

Part	Description	Count
OS	Wago Wago Pfc200 Firmware 03.02.02\(14\)	1
Hardware	Wago Wago Pfc200 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0963
last seen	2020-03-18
published	2020-03-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0963
title	WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963