CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5168
https://notcve.org/view.php?id=CVE-2019-5168
10 Mar 2020 — An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5167
https://notcve.org/view.php?id=CVE-2019-5167
10 Mar 2020 — An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5166
https://notcve.org/view.php?id=CVE-2019-5166
10 Mar 2020 — An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. Existe una vulnerabilidad de desbordamiento de búfer de la pila explotable en la funcionalidad "I/O-Check" del servicio iocheckd en... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0961 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5135
https://notcve.org/view.php?id=CVE-2019-5135
10 Mar 2020 — An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). Existe una vulnerabilidad de discrepancia de sincronización explotable en la funcionalidad de... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5149
https://notcve.org/view.php?id=CVE-2019-5149
10 Mar 2020 — The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PF... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 1CVE-2019-5155
https://notcve.org/view.php?id=CVE-2019-5155
10 Mar 2020 — An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12) Existe una vulnerabilidad de inyección de comando explotable en la funcionalidad cloud connectivity de WAGO PFC200. Un atacante puede inyectar comandos de sistema operativo en cualq... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0948 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 67%CPEs: 11EXPL: 6CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
03 Feb 2020 — eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. ... • https://packetstorm.news/files/id/156802 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2019-5082
https://notcve.org/view.php?id=CVE-2019-5082
08 Jan 2020 — An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer de la pila explotable en la fun... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0874 • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18202
https://notcve.org/view.php?id=CVE-2019-18202
19 Oct 2019 — Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. Una divulgación de información es posible en los dispositivos WAGO Series PFC100 y PFC200 versiones anteriores a FW12, debido a un control de acceso inapropiado. Un atacante remoto puede comprobar la existencia de rutas y nombres de archivos por medio de peticiones HTTP diseñadas. • https://cert.vde.com/de-de/advisories/vde-2019-017 •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2018-5459
https://notcve.org/view.php?id=CVE-2018-5459
13 Feb 2018 — An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. Se ha descubie... • https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 • CWE-287: Improper Authentication •