CVE-2019-5181
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.
Se presenta una vulnerabilidad de desbordamiento del búfer de la pila explotable en la funcionalidad "I-O-Check" del servicio iocheckd de WAGO PFC 200, versiones de Firmware 03.02.02(14). Un archivo cache XML especialmente diseñado escrito en una ubicación específica en el dispositivo puede causar un desbordamiento del búfer de la pila, resultando en una ejecución de código. Un atacante puede enviar un paquete especialmente diseñado para activar el análisis de este archivo cache. El búfer destino p+0x440 es desbordado con la llamada a la función sprintf() para cualquier valor de mascara de subred que sea mayor que 11024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) en longitud. Un valor de mascara de subred de longitud 0x3d9 causará que el servicio se bloquee.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2020-03-11 CVE Published
- 2023-07-15 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wago Search vendor "Wago" | Pfc200 Firmware Search vendor "Wago" for product "Pfc200 Firmware" | 03.02.02\(14\) Search vendor "Wago" for product "Pfc200 Firmware" and version "03.02.02\(14\)" | - |
Affected
| in | Wago Search vendor "Wago" | Pfc200 Search vendor "Wago" for product "Pfc200" | - | - |
Safe
|