CVE-2019-5173
In short
A WAGO PFC 200 device allows attackers to run unauthorized commands by crafting a malicious XML file that is parsed by the iocheckd service. This is dangerous because an attacker can gain full control of the device.
Technical detail
A command injection vulnerability in the iocheckd service (I/O-Check function) of the WAGO PFC 200: unsanitized state values from an XML cache file are formatted into a command string with sprintf() and executed via system(). The attack requires a crafted XML cache file at a specific location on the device and a packet that triggers its parsing; the impact is arbitrary OS command execution with the service's privileges.
Summary generated and translated by AI from the official description.
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system().
Affected products
Wago · WAGO PFC200