Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5073

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.

Published

2019-12-18T21:15:13.897

Last Modified

2024-11-21T04:44:17.933

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wago	pfc_200_firmware	03.00.39\(12\)	Yes
Operating System	wago	pfc_200_firmware	03.01.07\(13\)	Yes
Hardware	wago	pfc_200	-	No
Operating System	wago	pfc_100_firmware	03.00.39\(12\)	Yes
Hardware	wago	pfc_100	-	No

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862 Exploit, Third Party Advisory ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)