Vulnerabilities > CVE-2019-5181 - Out-of-bounds Write vulnerability in Wago Pfc200 Firmware 03.02.02(14)

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
wago
CWE-787

Summary

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.

Vulnerable Configurations

Part Description Count
OS
Wago
1
Hardware
Wago
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0963
last seen2020-03-18
published2020-03-09
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0963
titleWAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities