CVE-2020-12522 – Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10
https://notcve.org/view.php?id=CVE-2020-12522
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. La vulnerabilidad reportada permite a un atacante que tiene acceso de red al dispositivo ejecutar código con paquetes especialmente diseñados en WAGO Serie PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) con versiones de firmware anteriores a FW10 incluyéndola • https://cert.vde.com/en-us/advisories/vde-2020-045 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-5167
https://notcve.org/view.php?id=CVE-2019-5167
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. Se presenta una vulnerabilidad de inyección de comando explotable en la función "I/O-Check" del servicio iocheckd de WAGO PFC 200 versión 03.02.02(14). • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability. • https://github.com/dointisme/CVE-2020-8597 https://github.com/WinMin/CVE-2020-8597 https://github.com/lakwsh/CVE-2020-8597 https://github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html http://packetstormsecurity.com/files/156802/pppd-2.4.8-Buffer-Overflow.html http://seclists.org/fulldisclosure/2020/Mar/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-5078
https://notcve.org/view.php?id=CVE-2019-5078
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en la funcionalidad "I/O-Check" del servicio iocheckd de WAGO PFC 200 versiones de firmware 03.01.07(13) y 03.00.39(12), y WAGO PFC100 versión de firmware 03.00.39(12). Un conjunto de paquetes especialmente diseñado puede causar una denegación de servicio, resultando en que el dispositivo entre en un estado de error donde cesa todas las comunicaciones de red. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0870 • CWE-306: Missing Authentication for Critical Function •
CVE-2019-5075
https://notcve.org/view.php?id=CVE-2019-5075
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento del búfer de la pila explotable en la utilidad getcouplerdetails de la línea de comandos de WAGO PFC 200 versiones de firmware 03.01.07(13) y 03.00.39(12), y WAGO PFC100 versión de firmware 03.00.39(12). Un conjunto de paquetes especialmente diseñado enviados a "I/O-Check" del servicio iocheckd puede causar un desbordamiento del búfer de pila en el subproceso getcouplerdetails, resultando en una ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0864 • CWE-787: Out-of-bounds Write •