Wago

Pfc200 Firmware

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-5169

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.03.2020 00:15:17
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to injec...

5.5

CVE-2019-5182

Exploit
  • EPSS 0.07%
  • Veröffentlicht 11.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:30

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this ca...

7.8

CVE-2019-5175

Exploit
  • EPSS 0.35%
  • Veröffentlicht 11.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:29

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to injec...

7.8

CVE-2019-5174

Exploit
  • EPSS 0.35%
  • Veröffentlicht 11.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:29

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS comm...

7.8

CVE-2019-5173

Exploit
  • EPSS 0.35%
  • Veröffentlicht 11.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:29

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to injec...

7.8

CVE-2019-5172

Exploit
  • EPSS 0.27%
  • Veröffentlicht 11.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:29

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e84...

9.1

CVE-2019-5161

Exploit
  • EPSS 4.93%
  • Veröffentlicht 11.03.2020 22:27:41
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to downloa...

9.1

CVE-2019-5160

Exploit
  • EPSS 2.17%
  • Veröffentlicht 11.03.2020 22:27:41
  • Zuletzt bearbeitet 21.11.2024 04:44:27

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to conne...

7.8

CVE-2019-5166

Exploit
  • EPSS 0.05%
  • Veröffentlicht 11.03.2020 22:27:41
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer...

7.8

CVE-2019-5167

Exploit
  • EPSS 0.58%
  • Veröffentlicht 11.03.2020 22:27:41
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_ser...