50 vulnerabilities found for PFC200 by WAGO
VAR-201702-0861
Vulnerability from variot - Updated: 2025-04-20 23:36
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. The WAGO 750-8202/PFC200 and the other listed products are all programmable logic controller modules made by the German company WAGO.
An authentication bypass vulnerability exists in several WAGO products. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may lead to further attacks. The following products are vulnerable: WAGO 750-8202/PFC200 prior to FW04; WAGO 750-881 prior to FW09; and WAGO 0758-0874-0000-0111.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-xxxx series",
"scope": "eq",
"trust": 1.6,
"vendor": "wago",
"version": null
},
{
"model": "750-xxxx series",
"scope": "eq",
"trust": 1.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.6,
"vendor": "wago",
"version": null
},
{
"model": "750-xxxx series",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "758-xxxx series",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "0758-0874-0000-0111"
},
{
"model": "\u003cfw09",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-881"
},
{
"model": "750-8202/pfc200 \u003cfw04",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "0"
},
{
"model": "wago",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-8810"
},
{
"model": "wago",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "750-82020"
},
{
"model": "wago",
"scope": "eq",
"trust": 0.3,
"vendor": "wago",
"version": "0758-0874-0000-0111"
},
{
"model": "pfc200 fw04",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": null
},
{
"model": "fw09",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-881"
},
{
"model": "fw04",
"scope": "ne",
"trust": 0.3,
"vendor": "wago",
"version": "750-8202"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "BID",
"id": "95074"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:750-xxxx_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:758-xxxx_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp.",
"sources": [
{
"db": "BID",
"id": "95074"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-9362",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9362",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-13097",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-98182",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-9362",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9362",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9362",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-9362",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-13097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-631",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98182",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-9362",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. WAGO 750-8202 / PFC200 and so on are all bus editable logic controller modules of German WAGO company. \n\nAn authentication bypass vulnerability exists in several WAGO products. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may lead to further attacks. \nThe following products are vulnerable:\nWAGO 750-8202/PFC200 prior to FW04\nWAGO 750-881 prior to FW09\nWAGO 0758-0874-0000-0111. WAGO 750-8202/PFC200, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9362"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "BID",
"id": "95074"
},
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "VULMON",
"id": "CVE-2016-9362"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9362",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-357-02",
"trust": 2.9
},
{
"db": "BID",
"id": "95074",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-13097",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98182",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-9362",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"db": "BID",
"id": "95074"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"id": "VAR-201702-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98182"
}
],
"trust": 0.8906499455555554
},
"last_update_date": "2025-04-20T23:36:57.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "Patch for Multiple WAGO Product Certification Bypass Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86762"
},
{
"title": "Multiple WAGO Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-357-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/95074"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9362"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9362"
},
{
"trust": 0.3,
"url": " http://www.wago.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"db": "BID",
"id": "95074"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"db": "VULHUB",
"id": "VHN-98182"
},
{
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"db": "BID",
"id": "95074"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98182"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"date": "2016-12-22T00:00:00",
"db": "BID",
"id": "95074"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"date": "2016-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"date": "2017-02-13T21:59:02.110000",
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-13097"
},
{
"date": "2017-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-98182"
},
{
"date": "2017-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-9362"
},
{
"date": "2017-01-12T08:04:00",
"db": "BID",
"id": "95074"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007990"
},
{
"date": "2016-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-631"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-9362"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WAGO Vulnerability of editing settings without authentication in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-631"
}
],
"trust": 0.6
}
}
VAR-201910-0872
Vulnerability from variot - Updated: 2024-11-23 23:11
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 devices are vulnerable to an externally controlled reference to a resource in another sphere (CWE-610). Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from the German company WAGO.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.35\\(12\\)"
},
{
"model": "pfc100",
"scope": "lt",
"trust": 0.8,
"vendor": "wago",
"version": "fw12"
},
{
"model": "pfc200",
"scope": "lt",
"trust": 0.8,
"vendor": "wago",
"version": "fw12"
},
{
"model": "series pfc100",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "series pfc200",
"scope": null,
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc100",
"version": "750-8101/000-010"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc100",
"version": "750-8101/025-000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "750-8102/025-000"
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
}
]
},
"cve": "CVE-2019-18202",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18202",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36938",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18202",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18202",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18202",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18202",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-18202",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18202",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-36938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1241",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18202",
"trust": 3.2
},
{
"db": "CERT@VDE",
"id": "VDE-2019-017",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-36938",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220",
"trust": 0.8
},
{
"db": "IVD",
"id": "9E1B1036-BEB0-4EF4-8A24-7C7AF0EC364A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"id": "VAR-201910-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
}
],
"trust": 1.5584546440000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
}
]
},
"last_update_date": "2024-11-23T23:11:42.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "Patch for WAGO Series PFC100 and WAGO Series PFC200 Improper Access Control Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186775"
},
{
"title": "WAGO Series PFC100 and WAGO Series PFC200 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=100674"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-610",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-017"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18202"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18202"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"date": "2019-10-19T01:15:10.467000",
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36938"
},
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011220"
},
{
"date": "2023-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1241"
},
{
"date": "2024-11-21T04:32:49.313000",
"db": "NVD",
"id": "CVE-2019-18202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO Series PFC100 and PFC200 Vulnerability related to externally controllable references to other domain resources on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1241"
}
],
"trust": 0.8
}
}
VAR-202003-0679
Vulnerability from variot - Updated: 2024-11-23 23:08
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. The WAGO PFC 200 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (denial of service, DoS). WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO.
The cloud connection function in WAGO PFC200 using firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12) has an operating system command injection vulnerability. It arises because, when external input data is used to construct an executable operating system command, the network system or product does not properly filter special characters, commands, etc. An attacker can use the vulnerability to execute illegal operating system commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0679",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.01.07(13)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.00.39(12)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.02.02(14)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
}
]
},
"cve": "CVE-2019-5157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-5157",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014978",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-19518",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-5157",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014978",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014978",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. WAGO PFC 200 For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. \n\r\n\r\nThe cloud connection function in WAGO PFC200 using firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12) has an operating system command injection vulnerability that stems from external input data to construct an operating system executable During the command process, the network system or product does not properly filter the special characters, commands, etc., and the attacker can use the vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5157"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5157",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0950",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19518",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978",
"trust": 0.8
},
{
"db": "IVD",
"id": "D1247760-93C2-4AE9-BA70-2FC8D4A53208",
"trust": 0.2
},
{
"db": "IVD",
"id": "5CDD007E-89B7-4F08-BCD5-F4121200EFDD",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"id": "VAR-202003-0679",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
}
],
"trust": 1.74345593
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
}
]
},
"last_update_date": "2024-11-23T23:08:04.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0950"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"date": "2020-03-11T22:27:40.897000",
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014978"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-371"
},
{
"date": "2024-11-21T04:44:27.557000",
"db": "NVD",
"id": "CVE-2019-5157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Operating system command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
},
{
"db": "IVD",
"id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
},
{
"db": "CNVD",
"id": "CNVD-2020-19518"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-371"
}
],
"trust": 0.6
}
}
VAR-202003-0678
Vulnerability from variot - Updated: 2024-11-23 23:01
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. The WAGO PFC 200 contains an OS command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. NVD's CVSS 3.1 vector for this entry (PR:H) indicates that exploitation requires high privileges. WAGO PFC200 is a programmable logic controller (PLC) of the German WAGO company.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0678",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
}
]
},
"cve": "CVE-2019-5156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-5156",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014977",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-19519",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "d31da0e1-ddee-4689-915a-172880949664",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-5156",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014977",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5156",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014977",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-325",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. WAGO PFC 200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) of German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5156",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0949",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-19519",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-325",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977",
"trust": 0.8
},
{
"db": "IVD",
"id": "769FF9A1-2CCE-467C-9DB4-BED545D61CCF",
"trust": 0.2
},
{
"db": "IVD",
"id": "D31DA0E1-DDEE-4689-915A-172880949664",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"id": "VAR-202003-0678",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
}
]
},
"last_update_date": "2024-11-23T23:01:30.628000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0949"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5156"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5156"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "d31da0e1-ddee-4689-915a-172880949664"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"date": "2020-03-11T22:27:40.817000",
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19519"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014977"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-325"
},
{
"date": "2024-11-21T04:44:27.447000",
"db": "NVD",
"id": "CVE-2019-5156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-325"
}
],
"trust": 0.6
}
}
VAR-202003-0701
Vulnerability from variot - Updated: 2024-11-23 23:01
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) made by the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "pfc200",
"version": "03.02.02(14)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "200"
}
],
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
}
]
},
"cve": "CVE-2019-5184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5184",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015154",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2020-19509",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "81572f69-1e74-46dc-83f1-5bd979f17592",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5184",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015154",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5184",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015154",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19509",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-359",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5184"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5184",
"trust": 3.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0965",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-19509",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154",
"trust": 0.8
},
{
"db": "IVD",
"id": "F634B90B-7AEB-44EA-B4E2-948A6B6C7CBF",
"trust": 0.2
},
{
"db": "IVD",
"id": "81572F69-1E74-46DC-83F1-5BD979F17592",
"trust": 0.2
},
{
"db": "IVD",
"id": "9B67B2A9-75E5-4B5F-80DF-956EC36DF771",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"id": "VAR-202003-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
}
],
"trust": 1.94345593
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
}
]
},
"last_update_date": "2024-11-23T23:01:30.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0965"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5184"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5184"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"date": "2020-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"date": "2020-03-23T14:15:13.190000",
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"date": "2020-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015154"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-359"
},
{
"date": "2024-11-21T04:44:30.623000",
"db": "NVD",
"id": "CVE-2019-5184"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 Resource Management Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNVD",
"id": "CNVD-2020-19509"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
},
{
"db": "IVD",
"id": "81572f69-1e74-46dc-83f1-5bd979f17592"
},
{
"db": "IVD",
"id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-359"
}
],
"trust": 1.2
}
}
VAR-202003-0684
Vulnerability from variot - Updated: 2024-11-23 22:58
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) made by the German company WAGO.
There is a security hole in WAGO PFC 200
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0684",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
}
]
},
"cve": "CVE-2019-5166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5166",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014895",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-17498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5166",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014895",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5166",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014895",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17498",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-632",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. \n\r\n\r\nThere is a security hole in WAGO PFC 200",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5166",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0961",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17498",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895",
"trust": 0.8
},
{
"db": "IVD",
"id": "E51458CB-9DC6-4948-82DF-962171B5D5D5",
"trust": 0.2
},
{
"db": "IVD",
"id": "AC477E1B-140B-46DC-88DF-51352EE3D88D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"id": "VAR-202003-0684",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
}
]
},
"last_update_date": "2024-11-23T22:58:20.678000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PFC200 Controller",
"trust": 0.8,
"url": "https://www.wago.com/us/pfc200"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0961"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5166"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5166"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"date": "2020-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"date": "2020-03-11T22:27:41.300000",
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17498"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014895"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-632"
},
{
"date": "2024-11-21T04:44:28.610000",
"db": "NVD",
"id": "CVE-2019-5166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic buffer overflow vulnerability in WAGO PFC 200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
},
{
"db": "IVD",
"id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-632"
}
],
"trust": 1.0
}
}
VAR-202003-0677
Vulnerability from variot - Updated: 2024-11-23 22:55
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12). An OS command injection vulnerability exists in WAGO PFC200. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. WAGO PFC 200 is a programmable logic controller (PLC) made by the German company WAGO. The vulnerability stems from external input data being used to construct executable operating system commands, while the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0677",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
}
]
},
"cve": "CVE-2019-5155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-5155",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014932",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-17495",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-5155",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014932",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5155",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014932",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17495",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-334",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12). WAGO PFC200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5155"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5155",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0948",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-17495",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932",
"trust": 0.8
},
{
"db": "IVD",
"id": "5B9FB2AD-5F45-49D6-9BB3-38C388576359",
"trust": 0.2
},
{
"db": "IVD",
"id": "0444E0CF-83E3-4C67-B00F-4904635FE6BD",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"id": "VAR-202003-0677",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
}
]
},
"last_update_date": "2024-11-23T22:55:16.352000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0948"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5155"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5155"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"date": "2020-03-11T22:27:40.753000",
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014932"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-334"
},
{
"date": "2024-11-21T04:44:27.340000",
"db": "NVD",
"id": "CVE-2019-5155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 Operating system command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
},
{
"db": "IVD",
"id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
},
{
"db": "CNVD",
"id": "CNVD-2020-17495"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-334"
}
],
"trust": 0.6
}
}
VAR-202006-1778
Vulnerability from variot - Updated: 2024-11-23 22:51
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.03.10\\(15\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.03.10(15)"
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "20003.03.10(15)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered through discussions between WAGO and Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
}
],
"trust": 0.6
},
"cve": "CVE-2020-6090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-6090",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006836",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-25701",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-6090",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006836",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6090",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006836",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-25701",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-877",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-6090",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "VULMON",
"id": "CVE-2020-6090"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2020-1010",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2020-6090",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-25701",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-877",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-6090",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"id": "VAR-202006-1778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
}
],
"trust": 1.3434559300000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
}
]
},
"last_update_date": "2024-11-23T22:51:19.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2020-6090 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1010"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6090"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6090"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-6090"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"date": "2020-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"date": "2020-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"date": "2020-06-11T14:15:10.487000",
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25701"
},
{
"date": "2023-02-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6090"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006836"
},
{
"date": "2023-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-877"
},
{
"date": "2024-11-21T05:35:04.623000",
"db": "NVD",
"id": "CVE-2020-6090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 Vulnerability related to authority management in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-877"
}
],
"trust": 0.6
}
}
VAR-202003-0703
Vulnerability from variot - Updated: 2024-11-23 22:37
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1eb9c the extracted interface element name from the XML file is used as an argument to /etc/config-tools/config_interfaces interface= using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. A denial-of-service (DoS) condition may result. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0703",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "200"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
}
]
},
"cve": "CVE-2019-5186",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2019-5186",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015202",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-16628",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2019-5186",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015202",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5186",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015202",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16628",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-377",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5186"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5186",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0966",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16628",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202",
"trust": 0.8
},
{
"db": "IVD",
"id": "742FCDB8-852C-4B1E-A56F-3A4A89CF4C19",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"id": "VAR-202003-0703",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
}
],
"trust": 1.5434559300000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
}
]
},
"last_update_date": "2024-11-23T22:37:31.212000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0966"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5186"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5186"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"date": "2020-03-23T14:15:13.487000",
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16628"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015202"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-377"
},
{
"date": "2024-11-21T04:44:30.847000",
"db": "NVD",
"id": "CVE-2019-5186"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic buffer overflow vulnerability in WAGO PFC 200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-377"
}
],
"trust": 0.8
}
}
VAR-202003-0702
Vulnerability from variot - Updated: 2024-11-23 22:37
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the state value extracted from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed by the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the overflowed stack buffer sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. A state value of length 0x3c9 will cause the service to crash. The service may be put into a denial-of-service (DoS) state. The scoring sources in this record disagree on the attack vector: the NVD and JVNDB CVSS entries list it as local (AV:L), while the CNVD and IVD entries list it as network (AV:N), so check how iocheckd is exposed in a given deployment when prioritising. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0702",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "200"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
}
]
},
"cve": "CVE-2019-5185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2019-5185",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015201",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-16629",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2019-5185",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015201",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5185",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015201",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-380",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5185"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5185",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0966",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16629",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201",
"trust": 0.8
},
{
"db": "IVD",
"id": "95A5A5B2-E3A6-42CF-88BA-0C970444C3D3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"id": "VAR-202003-0702",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
}
],
"trust": 1.5434559300000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
}
]
},
"last_update_date": "2024-11-23T22:37:31.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0966"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5185"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5185"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"date": "2020-03-23T14:15:13.283000",
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16629"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015201"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-380"
},
{
"date": "2024-11-21T04:44:30.733000",
"db": "NVD",
"id": "CVE-2019-5185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic buffer overflow vulnerability in WAGO PFC 200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-380"
}
],
"trust": 0.8
}
}
VAR-201802-1047
Vulnerability from variot - Updated: 2024-11-23 22:34
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. WAGO PFC200 Series 3S CoDeSys Runtime contains an authentication vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. WAGO PFC200 is a bus editable logic controller module from WAGO, Germany.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "02.07.07\\(10\\)"
},
{
"model": "pfc200",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "pfc200 series 3s codesys runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "2.3.x"
},
{
"model": "pfc200 series 3s codesys runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "2.4.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
}
]
},
"cve": "CVE-2018-5459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5459",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03481",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5459",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5459",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-5459",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-03481",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-950",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-5459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. WAGO PFC200 series 3S CoDeSys Runtime Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a bus editable logic controller module from WAGO, Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5459"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2018-5459"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5459",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-044-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2018-03481",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E3EDCF-39AB-11E9-A1CC-000C29342CB1",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2018-5459",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"id": "VAR-201802-1047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
}
],
"trust": 1.57459148
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
}
]
},
"last_update_date": "2024-11-23T22:34:20.209000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO PFC200 Series Patch for Incorrect Authentication Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/117903"
},
{
"title": "WAGO PFC200 Series 3S CoDeSys Runtime Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100278"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-044-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5459"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5459"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "IVD",
"id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
},
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"date": "2018-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"date": "2018-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"date": "2018-02-13T21:29:00.207000",
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03481"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5459"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002446"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-950"
},
{
"date": "2024-11-21T04:08:50.547000",
"db": "NVD",
"id": "CVE-2018-5459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 series 3S CoDeSys Runtime Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-950"
}
],
"trust": 0.6
}
}
VAR-202003-0682
Vulnerability from variot - Updated: 2024-11-23 22:29
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker-controlled Azure IoT Hub node. WAGO PFC 200 contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO PFC 200 is a programmable logic controller (PLC) made by the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
}
]
},
"cve": "CVE-2019-5160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-5160",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014880",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-17492",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2019-5160",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014880",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5160",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014880",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-17492",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-311",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. WAGO PFC 200 There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5160"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5160",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0953",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17492",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880",
"trust": 0.8
},
{
"db": "IVD",
"id": "8131A6F8-7D34-497E-B837-3C3A9ECD1E06",
"trust": 0.2
},
{
"db": "IVD",
"id": "51EF958E-045E-4FF7-9809-F60A4D94B2B8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"id": "VAR-202003-0682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
}
]
},
"last_update_date": "2024-11-23T22:29:41.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0953"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5160"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5160"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"date": "2020-03-11T22:27:41.097000",
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17492"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014880"
},
{
"date": "2020-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-311"
},
{
"date": "2024-11-21T04:44:27.900000",
"db": "NVD",
"id": "CVE-2019-5160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Input validation error vulnerability",
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
},
{
"db": "IVD",
"id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-311"
}
],
"trust": 1.0
}
}
VAR-202003-0676
Vulnerability from variot - Updated: 2024-11-23 22:29
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). WAGO PFC100 is a programmable logic controller (PLC) made by the German company WAGO.
WAGO PFC100 has a resource management error vulnerability, which attackers can exploit to cause a denial of service.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc100",
"version": "03.01.07(13)"
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
}
]
},
"cve": "CVE-2019-5149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5149",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014879",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5149",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014879",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5149",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014879",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-365",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-5149",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). WAGO PFC100 is a programmable logic controller (PLC) made by the German company WAGO. \n\r\n\r\nWAGO PFC100 has a resource management error vulnerability, which can be exploited by attackers to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5149",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2019-0939",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2020-17496",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365",
"trust": 1.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0953",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879",
"trust": 0.8
},
{
"db": "IVD",
"id": "8C3A524C-6B85-4B7F-A3BE-1A8890B51501",
"trust": 0.2
},
{
"db": "IVD",
"id": "ABE4FF05-654D-43A6-8D55-B27E00DB4977",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-5149",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"id": "VAR-202003-0676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
],
"trust": 1.55227211
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
]
},
"last_update_date": "2024-11-23T22:29:41.589000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0939"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5149"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5149"
},
{
"trust": 0.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0953"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"date": "2020-03-11T22:27:40.583000",
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17496"
},
{
"date": "2020-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5149"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014879"
},
{
"date": "2020-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-365"
},
{
"date": "2024-11-21T04:44:26.647000",
"db": "NVD",
"id": "CVE-2019-5149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC100 Resource Management Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNVD",
"id": "CNVD-2020-17496"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
},
{
"db": "IVD",
"id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-365"
}
],
"trust": 1.0
}
}
VAR-202003-0683
Vulnerability from variot - Updated: 2024-11-23 22:25
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. WAGO PFC 200 has an inadequate validation of data reliability vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0683",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
}
]
},
"cve": "CVE-2019-5161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-5161",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014881",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-17491",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2019-5161",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014881",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5161",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014881",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-17491",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-328",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. WAGO PFC 200 has an inadequate validation of data reliability vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5161",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0954",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-17491",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-328",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881",
"trust": 0.8
},
{
"db": "IVD",
"id": "835C124B-37AA-420F-8F53-FAF79FA84DD6",
"trust": 0.2
},
{
"db": "IVD",
"id": "35746FB2-1FF7-4D67-95B5-9CCAFFC74697",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"id": "VAR-202003-0683",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
}
]
},
"last_update_date": "2024-11-23T22:25:35.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0954"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5161"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5161"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"date": "2020-03-11T22:27:41.160000",
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17491"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014881"
},
{
"date": "2020-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-328"
},
{
"date": "2024-11-21T04:44:28.010000",
"db": "NVD",
"id": "CVE-2019-5161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 Data Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
},
{
"db": "IVD",
"id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
},
{
"db": "CNVD",
"id": "CNVD-2020-17491"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-328"
}
],
"trust": 0.6
}
}
VAR-202003-0690
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. A denial-of-service (DoS) condition may result. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The vulnerability stems from the network system or product failing to properly filter special characters, commands, etc. when constructing an executable operating system command from external input data. An attacker could use this vulnerability to execute illegal operating system commands
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
}
]
},
"cve": "CVE-2019-5172",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5172",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014925",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16846",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5172",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014925",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5172",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014925",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16846",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-336",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=\u003ccontents of ntp node\u003e using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5172",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16846",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-336",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925",
"trust": 0.8
},
{
"db": "IVD",
"id": "5DC15F03-AAF7-4B7A-9C5E-6A4C6D2A59D5",
"trust": 0.2
},
{
"db": "IVD",
"id": "54C71273-2E49-4B24-8DD3-5AFD84EF1D81",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"id": "VAR-202003-0690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
}
]
},
"last_update_date": "2024-11-23T21:59:28.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5172"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5172"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"date": "2020-03-11T23:15:11.560000",
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16846"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014925"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-336"
},
{
"date": "2024-11-21T04:44:29.287000",
"db": "NVD",
"id": "CVE-2019-5172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014925"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-336"
}
],
"trust": 0.6
}
}
VAR-202003-0689
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet: at 0x1ea48 the extracted hostname value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The vulnerability stems from the fact that the network system or product did not properly filter special characters, commands, etc. when constructing an executable operating system command from external input data. An attacker could use this vulnerability to execute illegal operating system commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
}
]
},
"cve": "CVE-2019-5171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014914",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16847",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014914",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5171",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014914",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16847",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-339",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=\u003ccontents of ip node\u003e using sprintf(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5171",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16847",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-339",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914",
"trust": 0.8
},
{
"db": "IVD",
"id": "2A3FDF54-04C3-46C8-B3D3-BA629AFB21CB",
"trust": 0.2
},
{
"db": "IVD",
"id": "BC349DAF-30EC-4927-8C84-9E2EEF177F0C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"id": "VAR-202003-0689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
}
]
},
"last_update_date": "2024-11-23T21:59:27.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5171"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5171"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"date": "2020-03-12T00:15:18.087000",
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16847"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014914"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-339"
},
{
"date": "2024-11-21T04:44:29.173000",
"db": "NVD",
"id": "CVE-2019-5171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014914"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-339"
}
],
"trust": 0.6
}
}
VAR-202003-0685
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. An attacker could exploit this vulnerability to inject OS commands through a specially crafted XML cache file.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0685",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
}
]
},
"cve": "CVE-2019-5167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5167",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014882",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16842",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5167",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014882",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5167",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014882",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16842",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-360",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=\u003ccontents of dns node\u003e using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. An attacker could exploit this vulnerability to inject OS commands through a specially crafted XML cache file",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5167",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-360",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882",
"trust": 0.8
},
{
"db": "IVD",
"id": "DF2BEBB0-EA1E-4491-B729-E46407BFEA82",
"trust": 0.2
},
{
"db": "IVD",
"id": "6F20EC81-7D78-4047-889D-0E6CA4B0206C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"id": "VAR-202003-0685",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
}
]
},
"last_update_date": "2024-11-23T21:59:27.940000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5167"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5167"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"date": "2020-03-11T22:27:41.380000",
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16842"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014882"
},
{
"date": "2022-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-360"
},
{
"date": "2024-11-21T04:44:28.727000",
"db": "NVD",
"id": "CVE-2019-5167"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 Injection vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014882"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-360"
}
],
"trust": 0.6
}
}
VAR-202003-0687
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0687",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
}
]
},
"cve": "CVE-2019-5169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5169",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014912",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16840",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "d20ba407-e974-4938-aca3-4773054a5f46",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5169",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014912",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5169",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014912",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-348",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=\u003ccontents of gateway node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5169",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16840",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-348",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912",
"trust": 0.8
},
{
"db": "IVD",
"id": "13DA69BE-ABA0-4136-BDDD-CE2C3D493A07",
"trust": 0.2
},
{
"db": "IVD",
"id": "D20BA407-E974-4938-ACA3-4773054A5F46",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"id": "VAR-202003-0687",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
}
]
},
"last_update_date": "2024-11-23T21:59:27.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5169"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5169"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "d20ba407-e974-4938-aca3-4773054a5f46"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"date": "2020-03-12T00:15:17.960000",
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16840"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014912"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-348"
},
{
"date": "2024-11-21T04:44:28.947000",
"db": "NVD",
"id": "CVE-2019-5169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014912"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-348"
}
],
"trust": 0.6
}
}
VAR-202003-0691
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The vulnerability stems from the network system or product failing to properly filter special characters, commands, etc. when constructing an executable operating system command from external input data. An attacker could use this vulnerability to execute illegal operating system commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0691",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
}
]
},
"cve": "CVE-2019-5173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014926",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16845",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5173",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014926",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5173",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014926",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16845",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-331",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5173",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16845",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-331",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926",
"trust": 0.8
},
{
"db": "IVD",
"id": "8D31DE5D-FE5D-4F4B-A573-0391D6016CE8",
"trust": 0.2
},
{
"db": "IVD",
"id": "33A0ABC6-23A0-4441-82A6-16B3B4F12D8D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"id": "VAR-202003-0691",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
}
]
},
"last_update_date": "2024-11-23T21:59:27.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5173"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5173"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"date": "2020-03-11T23:15:11.620000",
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16845"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014926"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-331"
},
{
"date": "2024-11-21T04:44:29.397000",
"db": "NVD",
"id": "CVE-2019-5173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014926"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-331"
}
],
"trust": 0.6
}
}
VAR-202003-0692
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The vulnerability stems from the network system or product not properly filtering special characters, commands, etc. when constructing an executable operating system command from external input data. An attacker could use this vulnerability to execute illegal operating system commands. The NVD CVSS v3.1 vector recorded below (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8) rates the attack vector as local with low privileges required, and the record classifies the weakness as CWE-78.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0692",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
}
]
},
"cve": "CVE-2019-5174",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5174",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014927",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16844",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "208ab9d6-2954-4e07-881e-503940c90652",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5174",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014927",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5174",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014927",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16844",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-330",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=\u003ccontents of subnetmask node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5174",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16844",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-330",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927",
"trust": 0.8
},
{
"db": "IVD",
"id": "21A562C4-5F87-40E1-87BC-F2A2A7EED573",
"trust": 0.2
},
{
"db": "IVD",
"id": "208AB9D6-2954-4E07-881E-503940C90652",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"id": "VAR-202003-0692",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
}
]
},
"last_update_date": "2024-11-23T21:59:27.836000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5174"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5174"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "208ab9d6-2954-4e07-881e-503940c90652"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"date": "2020-03-11T23:15:11.700000",
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16844"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014927"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-330"
},
{
"date": "2024-11-21T04:44:29.510000",
"db": "NVD",
"id": "CVE-2019-5174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014927"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-330"
}
],
"trust": 0.6
}
}
VAR-202003-0686
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file. At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The NVD CVSS v3.1 vector recorded below (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8) rates the attack vector as local with low privileges required.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
}
]
},
"cve": "CVE-2019-5168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014883",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16841",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "8ac74de1-9894-453a-b57a-9298929035dc",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5168",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014883",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5168",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014883",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16841",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-351",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file. At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=\u003ccontents of domainname node\u003e using sprintf(). This command is later executed via a call to system(). It may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5168",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16841",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-351",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883",
"trust": 0.8
},
{
"db": "IVD",
"id": "FA3FD774-34C0-4201-90D7-EF26130799D5",
"trust": 0.2
},
{
"db": "IVD",
"id": "8AC74DE1-9894-453A-B57A-9298929035DC",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"id": "VAR-202003-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
}
]
},
"last_update_date": "2024-11-23T21:59:27.801000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5168"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5168"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "8ac74de1-9894-453a-b57a-9298929035dc"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"date": "2020-03-11T22:27:41.443000",
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16841"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014883"
},
{
"date": "2020-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-351"
},
{
"date": "2024-11-21T04:44:28.840000",
"db": "NVD",
"id": "CVE-2019-5168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014883"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-351"
}
],
"trust": 0.6
}
}
VAR-202003-0688
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system(). It may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0688",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
}
]
},
"cve": "CVE-2019-5170",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5170",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014913",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16848",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5170",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014913",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5170",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014913",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16848",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-345",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=\u003ccontents of hostname node\u003e using sprintf(). This command is later executed via a call to system(). It may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5170",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16848",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-345",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913",
"trust": 0.8
},
{
"db": "IVD",
"id": "2859C97C-4041-4692-8686-F7C0C743D9D6",
"trust": 0.2
},
{
"db": "IVD",
"id": "BD8523E7-9DE1-4EAC-9055-2EAF59E6A50F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"id": "VAR-202003-0688",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
}
],
"trust": 1.63251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
}
]
},
"last_update_date": "2024-11-23T21:59:27.768000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5170"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5170"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"date": "2020-03-12T00:15:18.023000",
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16848"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014913"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-345"
},
{
"date": "2024-11-21T04:44:29.060000",
"db": "NVD",
"id": "CVE-2019-5170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014913"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-345"
}
],
"trust": 0.6
}
}
VAR-202003-0693
Vulnerability from variot - Updated: 2024-11-23 21:59
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=<contents of type node> using sprintf(). This command is later executed via a call to system(). It may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0693",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.02.02(14)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.02.02\\(14\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc200",
"version": "03.02.02(14)"
}
],
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
}
]
},
"cve": "CVE-2019-5175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5175",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014928",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-16843",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5175",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014928",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5175",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014928",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16843",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-329",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted type value from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=\u003ccontents of type node\u003e using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5175",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0962",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-16843",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-329",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928",
"trust": 0.8
},
{
"db": "IVD",
"id": "CE9CB0A6-0CF5-4815-BC50-D312C9BEA66E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"id": "VAR-202003-0693",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
}
],
"trust": 1.43251626
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
}
]
},
"last_update_date": "2024-11-23T21:59:27.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5175"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5175"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"date": "2020-03-11T23:15:11.747000",
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16843"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014928"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-329"
},
{
"date": "2024-11-21T04:44:29.620000",
"db": "NVD",
"id": "CVE-2019-5175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
},
{
"db": "CNVD",
"id": "CNVD-2020-16843"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-329"
}
],
"trust": 0.6
}
}
VAR-202001-0422
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 firmware contains an out-of-bounds write vulnerability. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO.
There is a buffer overflow vulnerability in the 'I / O-Check' function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "wago",
"version": "03.01.07(12)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
}
]
},
"cve": "CVE-2019-5082",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5082",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03737",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5082",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5082",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5082",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5082",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-03737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-915",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 firmware contains an out-of-bounds write vulnerability. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. \n\r\n\r\nThere is a buffer overflow vulnerability in the \u0027I / O-Check\u0027 function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5082"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5082",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0874",
"trust": 2.4
},
{
"db": "CERT@VDE",
"id": "VDE-2019-022",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"id": "VAR-202001-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
],
"trust": 1.1522721100000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
}
]
},
"last_update_date": "2024-11-23T21:51:49.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "Patch for WAGO PFC 200 \u0027I / O-Check\u0027 Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/199035"
},
{
"title": "WAGO PFC200 and PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106686"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5082"
},
{
"trust": 1.2,
"url": "https://cert.vde.com/de-de/advisories/vde-2019-022"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5082"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"date": "2020-01-08T17:15:11.837000",
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03737"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014186"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-915"
},
{
"date": "2024-11-21T04:44:18.983000",
"db": "NVD",
"id": "CVE-2019-5082"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-915"
}
],
"trust": 0.6
}
}
VAR-201912-0778
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware contains an out-of-bounds write vulnerability in a critical function. Information may be obtained or altered, and service operation may be disrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5079",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46395",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "370be516-5627-47d6-9e74-a8561eee7d4d",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5079",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5079",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5079",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5079",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-739",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware contains an out-of-bounds write vulnerability in a critical function. Information may be obtained or altered, and service operation may be disrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5079"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5079",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0871",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46395",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "IVD",
"id": "370BE516-5627-47D6-9E74-A8561EEE7D4D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"id": "VAR-201912-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
}
]
},
"last_update_date": "2024-11-23T21:51:49.341000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105556"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0871"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5079"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0871"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5079"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"date": "2019-12-18T21:15:14.163000",
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46395"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013722"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-739"
},
{
"date": "2024-11-21T04:44:18.630000",
"db": "NVD",
"id": "CVE-2019-5079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Firmware out-of-bounds vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "370be516-5627-47d6-9e74-a8561eee7d4d"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-739"
}
],
"trust": 0.8
}
}
VAR-201912-0774
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5075",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46398",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "027060de-fc78-4359-ac1f-580c302f96c8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5075",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5075",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5075",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5075",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-734",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service \"I/O-Check\" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5075"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5075",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0864",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46398",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47153",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "027060DE-FC78-4359-AC1F-580C302F96C8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"id": "VAR-201912-0774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
]
},
"last_update_date": "2024-11-23T21:51:49.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106022"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0864"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5075"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0864"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5075"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47153"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"date": "2019-12-18T21:15:14.007000",
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46398"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013745"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-734"
},
{
"date": "2024-11-21T04:44:18.160000",
"db": "NVD",
"id": "CVE-2019-5075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46398"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "027060de-fc78-4359-ac1f-580c302f96c8"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-734"
}
],
"trust": 0.8
}
}
VAR-201912-0779
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware lacks authentication for critical functions. Information may be tampered with and service operation may be disrupted (DoS). WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can exploit this vulnerability to cause a denial of service.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5080",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5080",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46629",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5080",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5080",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5080",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5080",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-742",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. The WAGO PFC 200 and PFC100 firmware lacks authentication for critical functions. Information may be tampered with and service operation may be disrupted (DoS). WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can exploit this vulnerability to cause a denial of service.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5080"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5080",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0872",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46629",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47155",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "AC656BE7-CAA8-4D9A-BD23-A4A8AE420DA6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"id": "VAR-201912-0779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
}
]
},
"last_update_date": "2024-11-23T21:51:49.278000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0872"
},
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0872"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5080"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5080"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-24T00:00:00",
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"date": "2019-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"date": "2019-12-18T21:15:14.240000",
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46629"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013723"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-742"
},
{
"date": "2024-11-21T04:44:18.750000",
"db": "NVD",
"id": "CVE-2019-5080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-742"
}
],
"trust": 0.8
}
}
VAR-201912-0777
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is affected by a lack of authentication for critical functions. Information may be tampered with and service operation may be disrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has an access control error vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.3912"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.00.3912"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": null
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "03.01.0713"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5078",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46399",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5078",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-5078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5078",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5078",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46399",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-733",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5078",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0870",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46399",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "IVD",
"id": "188ECB88-1B7C-4AB4-9617-D7DD2D2084B8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"id": "VAR-201912-0777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
]
},
"last_update_date": "2024-11-23T21:51:49.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0870"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5078"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0870"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5078"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"date": "2019-12-18T21:15:14.083000",
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46399"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013746"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-733"
},
{
"date": "2024-11-21T04:44:18.513000",
"db": "NVD",
"id": "CVE-2019-5078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNVD",
"id": "CNVD-2019-46399"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-733"
}
],
"trust": 0.8
}
}
VAR-201912-0772
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data being copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability. Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5073",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5073",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5073",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-5073",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5073",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5073",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-46397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information exposure vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5073"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5073",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0862",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-46397",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47152",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "32CFF3E1-62C7-4B0D-9C9D-F140EBBC5A6F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"id": "VAR-201912-0772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
]
},
"last_update_date": "2024-11-23T21:51:49.213000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and WAGO PFC100 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106023"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0862"
},
{
"trust": 1.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0862"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5073"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5073"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47152"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"date": "2019-12-18T21:15:13.897000",
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46397"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013744"
},
{
"date": "2020-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-735"
},
{
"date": "2024-11-21T04:44:17.933000",
"db": "NVD",
"id": "CVE-2019-5073"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC200 Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
},
{
"db": "CNVD",
"id": "CNVD-2019-46397"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-735"
}
],
"trust": 0.6
}
}
VAR-201912-0780
Vulnerability from variot - Updated: 2024-11-23 21:51
An exploitable heap buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.
WAGO PFC200 has a buffer overflow vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.01.07(13)"
},
{
"model": "pfc200",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc100",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "03.00.39(12)"
},
{
"model": "pfc 100",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.00.39\\(12\\)"
},
{
"model": "pfc 200",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "03.01.07\\(13\\)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.00.39(12)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 200",
"version": "03.01.07(13)"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pfc 100",
"version": "03.00.39(12)"
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:pfc100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:pfc200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Kelly Leuschner of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5081",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46394",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5081",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5081",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5081",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-5081",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46394",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-745",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Chec\u0027\u0027 functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5081"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5081",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2019-0873",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0874",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2019-46394",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0842",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-065-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "C6438B63-D1BB-46D1-9B83-34F99FD9E90B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"id": "VAR-201912-0780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
}
],
"trust": 1.374945585
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
}
]
},
"last_update_date": "2024-11-23T21:51:49.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
},
{
"title": "WAGO PFC 200 and PFC100 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105557"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0873"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0873"
},
{
"trust": 1.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5081"
},
{
"trust": 1.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5081"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"date": "2019-12-18T20:15:16.917000",
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46394"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013791"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-745"
},
{
"date": "2024-11-21T04:44:18.867000",
"db": "NVD",
"id": "CVE-2019-5081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO PFC 200 and PFC100 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-745"
}
],
"trust": 0.8
}
}