CVE-2019-5171
HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().
References (1)
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962
Scores
CVSS v3
7.8
EPSS
0.0139
EPSS Percentile
68.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
wago/pfc200_firmware
03.02.02(14)
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026