5.3

CVE-2019-5073

Exploit

EPSS 0.73%
Veröffentlicht 18.12.2019 21:15:13
Zuletzt bearbeitet 21.11.2024 04:44:17
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wago ≫ Pfc 200 Firmware Version03.00.39(12)

Wago ≫ Pfc 200 Version-

Wago ≫ Pfc 200 Firmware Version03.01.07(13)

Wago ≫ Pfc 200 Version-

Wago ≫ Pfc 100 Firmware Version03.00.39(12)

Wago ≫ Pfc 100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.703

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-5073

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5073

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5073

EUVD