CVE-2019-5075

CRITICAL

WAGO PFC200/100 <03.01.07(13), 03.00.39(12) - Buffer Overflow

Title source: llm
STIX 2.1

Description

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0864

Scores

CVSS v3 9.8
EPSS 0.0387
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (3)
wago/pfc_100_firmware 03.00.39\(12\)
wago/pfc_200_firmware 03.00.39\(12\)
wago/pfc_200_firmware 03.01.07\(13\)
Published Dec 18, 2019
Tracked Since Feb 18, 2026