Description
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862
Scores
CVSS v3
5.3
EPSS
0.0162
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
wago/pfc_100_firmware
03.00.39\(12\)
wago/pfc_200_firmware
03.00.39\(12\)
wago/pfc_200_firmware
03.01.07\(13\)
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026