exploitDog

CVE-2019-5171

Опубликовано: 12 мар. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address= using sprintf().

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962
Exploit
Technical Description
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:wago:pfc200_firmware:03.02.02\(14\):*:*:*:*:*:*:*

cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-hvfr-v2x6-hcr4

github

больше 3 лет назад

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().

EPSS

Процентиль: 45%

0.00228

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78