CVE-2019-5155
HIGHWAGO PFC200 Firmware 03.00.39(12)-03.02.02(14) - OS Command Injection via Firmware Update Parameters
Title source: llmDescription
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0948
Scores
CVSS v3
7.2
EPSS
0.0461
EPSS Percentile
90.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
wago/pfc200_firmware
03.00.39\(12\)
wago/pfc200_firmware
03.01.07\(13\)
wago/pfc200_firmware
03.02.02\(14\)
Published
Mar 11, 2020
Tracked Since
Feb 18, 2026