WAGO PFC200 Firmware versions 03.01.07(13) Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability

Summary

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). 

Credit:

The information has been provided by Kelly Leuschner

The original article can be found at:https://talosintelligence.com/vulnerability_reports/TALOS-2019-0864


Details

A specially crafted set of packets sent to the iocheckd service “I/O-Check” can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

 

Vulnerable Systems:

WAGO PFC200 Firmware versions 03.01.07(13)

WAGO PFC200 Firmware versions 03.00.39(12)

WAGO PFC100 Firmware version 03.00.39(12)

 

CVE Information:

CVE-2019-5075

 

Disclosure Timeline:
Published Date:12/18/2019

Categories: News