Search

Find a vulnerability

Search criteria

    50 vulnerabilities found for pfc200 by wago

    VAR-201702-0861

    Vulnerability from variot - Updated: 2025-04-20 23:36

    An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. WAGO 750-8202 / PFC200 and so on are all bus editable logic controller modules of German WAGO company.

    An authentication bypass vulnerability exists in several WAGO products. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may lead to further attacks. The following products are vulnerable: WAGO 750-8202/PFC200 prior to FW04 WAGO 750-881 prior to FW09 WAGO 0758-0874-0000-0111. WAGO 750-8202/PFC200, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0861",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "758-xxxx series",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "750-xxxx series",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "750-xxxx series",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "758-xxxx series",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc200",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "0758-0874-0000-0111"
          },
          {
            "model": "\u003cfw09",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "750-881"
          },
          {
            "model": "750-8202/pfc200 \u003cfw04",
            "scope": null,
            "trust": 0.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wago",
            "version": "0"
          },
          {
            "model": "wago",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wago",
            "version": "750-8810"
          },
          {
            "model": "wago",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wago",
            "version": "750-82020"
          },
          {
            "model": "wago",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wago",
            "version": "0758-0874-0000-0111"
          },
          {
            "model": "pfc200 fw04",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "fw09",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wago",
            "version": "750-881"
          },
          {
            "model": "fw04",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "wago",
            "version": "750-8202"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:750-xxxx_series_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:758-xxxx_series_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp.",
        "sources": [
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-9362",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-9362",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-9362",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-13097",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-98182",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-9362",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-9362",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-9362",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-9362",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-13097",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201612-631",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-98182",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-9362",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. WAGO 750-8202 / PFC200 and so on are all bus editable logic controller modules of German WAGO company. \n\nAn authentication bypass vulnerability exists in several WAGO products. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may lead to further attacks. \nThe following products are vulnerable:\nWAGO 750-8202/PFC200 prior to FW04\nWAGO 750-881 prior to FW09\nWAGO 0758-0874-0000-0111. WAGO 750-8202/PFC200, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9362",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-357-02",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "95074",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "id": "VAR-201702-0861",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          }
        ],
        "trust": 0.8906499455555554
      },
      "last_update_date": "2025-04-20T23:36:57.255000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://global.wago.com/jp/"
          },
          {
            "title": "Patch for Multiple WAGO Product Certification Bypass Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/86762"
          },
          {
            "title": "Multiple WAGO Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66653"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-357-02"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/95074"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9362"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9362"
          },
          {
            "trust": 0.3,
            "url": " http://www.wago.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52214"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "db": "BID",
            "id": "95074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "date": "2016-12-22T00:00:00",
            "db": "BID",
            "id": "95074"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "date": "2016-12-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "date": "2017-02-13T21:59:02.110000",
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-13097"
          },
          {
            "date": "2017-06-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98182"
          },
          {
            "date": "2017-06-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-9362"
          },
          {
            "date": "2017-01-12T08:04:00",
            "db": "BID",
            "id": "95074"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          },
          {
            "date": "2016-12-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-9362"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  WAGO Vulnerability of editing settings without authentication in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007990"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201612-631"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201910-0872

    Vulnerability from variot - Updated: 2024-11-23 23:11

    Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0872",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.35\\(12\\)"
          },
          {
            "model": "pfc100",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "wago",
            "version": "fw12"
          },
          {
            "model": "pfc200",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "wago",
            "version": "fw12"
          },
          {
            "model": "series pfc100",
            "scope": null,
            "trust": 0.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "series pfc200",
            "scope": null,
            "trust": 0.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc100",
            "version": "750-8101/000-010"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc100",
            "version": "750-8101/025-000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc200",
            "version": "750-8102/025-000"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          }
        ]
      },
      "cve": "CVE-2019-18202",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-18202",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-36938",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18202",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18202",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-18202",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-18202",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-18202",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-18202",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-36938",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201910-1241",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18202",
            "trust": 3.2
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2019-017",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "9E1B1036-BEB0-4EF4-8A24-7C7AF0EC364A",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "id": "VAR-201910-0872",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          }
        ],
        "trust": 1.5584546440000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:42.448000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "Patch for WAGO Series PFC100 and WAGO Series PFC200 Improper Access Control Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186775"
          },
          {
            "title": "WAGO Series PFC100  and WAGO Series PFC200 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=100674"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-610",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://cert.vde.com/de-de/advisories/vde-2019-017"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18202"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18202"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-24T00:00:00",
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "date": "2019-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "date": "2019-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "date": "2019-10-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "date": "2019-10-19T01:15:10.467000",
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-36938"
          },
          {
            "date": "2019-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          },
          {
            "date": "2023-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          },
          {
            "date": "2024-11-21T04:32:49.313000",
            "db": "NVD",
            "id": "CVE-2019-18202"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO Series PFC100 and  PFC200 Vulnerability related to externally controllable references to other domain resources on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011220"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "9e1b1036-beb0-4ef4-8a24-7c7af0ec364a"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201910-1241"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202003-0679

    Vulnerability from variot - Updated: 2024-11-23 23:08

    An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. WAGO PFC 200 For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company.

    The cloud connection function in WAGO PFC200 using firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12) has an operating system command injection vulnerability that stems from external input data to construct an operating system executable During the command process, the network system or product does not properly filter the special characters, commands, etc., and the attacker can use the vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0679",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "20003.01.07(13)"
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "20003.00.39(12)"
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "20003.02.02(14)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          }
        ]
      },
      "cve": "CVE-2019-5157",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5157",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014978",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-19518",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5157",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014978",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5157",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014978",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19518",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-371",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. WAGO PFC 200 For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. \n\r\n\r\nThe cloud connection function in WAGO PFC200 using firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12) has an operating system command injection vulnerability that stems from external input data to construct an operating system executable During the command process, the network system or product does not properly filter the special characters, commands, etc., and the attacker can use the vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5157",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0950",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "D1247760-93C2-4AE9-BA70-2FC8D4A53208",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "5CDD007E-89B7-4F08-BCD5-F4121200EFDD",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "id": "VAR-202003-0679",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          }
        ],
        "trust": 1.74345593
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:04.734000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0950"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5157"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5157"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "date": "2020-03-11T22:27:40.897000",
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014978"
          },
          {
            "date": "2020-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          },
          {
            "date": "2024-11-21T04:44:27.557000",
            "db": "NVD",
            "id": "CVE-2019-5157"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Operating system command injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "d1247760-93c2-4ae9-ba70-2fc8d4a53208"
          },
          {
            "db": "IVD",
            "id": "5cdd007e-89b7-4f08-bcd5-f4121200efdd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-371"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0678

    Vulnerability from variot - Updated: 2024-11-23 23:01

    An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. WAGO PFC 200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) of German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0678",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          }
        ]
      },
      "cve": "CVE-2019-5156",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5156",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014977",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-19519",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "d31da0e1-ddee-4689-915a-172880949664",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5156",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014977",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5156",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014977",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19519",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-325",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d31da0e1-ddee-4689-915a-172880949664",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. WAGO PFC 200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) of German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5156",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0949",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "769FF9A1-2CCE-467C-9DB4-BED545D61CCF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D31DA0E1-DDEE-4689-915A-172880949664",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "id": "VAR-202003-0678",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:30.628000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0949"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5156"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5156"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "769ff9a1-2cce-467c-9db4-bed545d61ccf"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "d31da0e1-ddee-4689-915a-172880949664"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "date": "2020-03-11T22:27:40.817000",
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19519"
          },
          {
            "date": "2020-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          },
          {
            "date": "2024-11-21T04:44:27.447000",
            "db": "NVD",
            "id": "CVE-2019-5156"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014977"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-325"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0701

    Vulnerability from variot - Updated: 2024-11-23 23:01

    An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0701",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "200"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          }
        ]
      },
      "cve": "CVE-2019-5184",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5184",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015154",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.5,
                "id": "CNVD-2020-19509",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.5,
                "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.5,
                "id": "81572f69-1e74-46dc-83f1-5bd979f17592",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.5,
                "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5184",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015154",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5184",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015154",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-19509",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-359",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "81572f69-1e74-46dc-83f1-5bd979f17592",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable double free vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5184",
            "trust": 3.6
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0965",
            "trust": 2.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "F634B90B-7AEB-44EA-B4E2-948A6B6C7CBF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "81572F69-1E74-46DC-83F1-5BD979F17592",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "9B67B2A9-75E5-4B5F-80DF-956EC36DF771",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "id": "VAR-202003-0701",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          }
        ],
        "trust": 1.94345593
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:30.590000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0965"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5184"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5184"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "date": "2020-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "date": "2020-03-23T14:15:13.190000",
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "date": "2020-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015154"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          },
          {
            "date": "2024-11-21T04:44:30.623000",
            "db": "NVD",
            "id": "CVE-2019-5184"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-19509"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          }
        ],
        "trust": 1.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "f634b90b-7aeb-44ea-b4e2-948a6b6c7cbf"
          },
          {
            "db": "IVD",
            "id": "81572f69-1e74-46dc-83f1-5bd979f17592"
          },
          {
            "db": "IVD",
            "id": "9b67b2a9-75e5-4b5f-80df-956ec36df771"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-359"
          }
        ],
        "trust": 1.2
      }
    }

    VAR-202003-0684

    Vulnerability from variot - Updated: 2024-11-23 22:58

    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company.

    There is a security hole in WAGO PFC 200

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0684",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          }
        ]
      },
      "cve": "CVE-2019-5166",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5166",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014895",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-17498",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "e51458cb-9dc6-4948-82df-962171b5d5d5",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "ac477e1b-140b-46dc-88df-51352ee3d88d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5166",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014895",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5166",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014895",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17498",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-632",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e51458cb-9dc6-4948-82df-962171b5d5d5",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "ac477e1b-140b-46dc-88df-51352ee3d88d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. \n\r\n\r\nThere is a security hole in WAGO PFC 200",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5166",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0961",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E51458CB-9DC6-4948-82DF-962171B5D5D5",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "AC477E1B-140B-46DC-88DF-51352EE3D88D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "id": "VAR-202003-0684",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:20.678000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "PFC200 Controller",
            "trust": 0.8,
            "url": "https://www.wago.com/us/pfc200"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0961"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5166"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5166"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-11T00:00:00",
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "date": "2020-03-11T22:27:41.300000",
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17498"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          },
          {
            "date": "2024-11-21T04:44:28.610000",
            "db": "NVD",
            "id": "CVE-2019-5166"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Classic buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014895"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e51458cb-9dc6-4948-82df-962171b5d5d5"
          },
          {
            "db": "IVD",
            "id": "ac477e1b-140b-46dc-88df-51352ee3d88d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-632"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202003-0677

    Vulnerability from variot - Updated: 2024-11-23 22:55

    An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12). WAGO PFC200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0677",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          }
        ]
      },
      "cve": "CVE-2019-5155",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5155",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014932",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-17495",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5155",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014932",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5155",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014932",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17495",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-334",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12). WAGO PFC200 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5155",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0948",
            "trust": 2.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "5B9FB2AD-5F45-49D6-9BB3-38C388576359",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "0444E0CF-83E3-4C67-B00F-4904635FE6BD",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "id": "VAR-202003-0677",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:16.352000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0948"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5155"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5155"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "date": "2020-03-11T22:27:40.753000",
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014932"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          },
          {
            "date": "2024-11-21T04:44:27.340000",
            "db": "NVD",
            "id": "CVE-2019-5155"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Operating system command injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "5b9fb2ad-5f45-49d6-9bb3-38c388576359"
          },
          {
            "db": "IVD",
            "id": "0444e0cf-83e3-4c67-b00f-4904635fe6bd"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-334"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1778

    Vulnerability from variot - Updated: 2024-11-23 22:51

    An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1778",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.03.10\\(15\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.03.10(15)"
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "20003.03.10(15)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered through discussions between WAGO and Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-6090",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-6090",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006836",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-25701",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-6090",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006836",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-6090",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006836",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-25701",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-877",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-6090",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2020-1010",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "id": "VAR-202006-1778",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          }
        ],
        "trust": 1.3434559300000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:51:19.747000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2020-6090 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-269",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1010"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6090"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6090"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/345.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2020-6090"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "date": "2020-06-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "date": "2020-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "date": "2020-06-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "date": "2020-06-11T14:15:10.487000",
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-25701"
          },
          {
            "date": "2023-02-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-6090"
          },
          {
            "date": "2020-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          },
          {
            "date": "2023-02-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          },
          {
            "date": "2024-11-21T05:35:04.623000",
            "db": "NVD",
            "id": "CVE-2020-6090"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Vulnerability related to authority management in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006836"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-877"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0703

    Vulnerability from variot - Updated: 2024-11-23 22:37

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface= using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len("/etc/config-tools/config_interfaces interface=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0703",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          }
        ]
      },
      "cve": "CVE-2019-5186",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2019-5186",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015202",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-16628",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2019-5186",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015202",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5186",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015202",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16628",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-377",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=\u003ccontents of interface element\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5186",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0966",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "742FCDB8-852C-4B1E-A56F-3A4A89CF4C19",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "id": "VAR-202003-0703",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          }
        ],
        "trust": 1.5434559300000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:31.212000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0966"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5186"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5186"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "date": "2020-04-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "date": "2020-03-23T14:15:13.487000",
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16628"
          },
          {
            "date": "2020-04-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          },
          {
            "date": "2024-11-21T04:44:30.847000",
            "db": "NVD",
            "id": "CVE-2019-5186"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Classic buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015202"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "742fcdb8-852c-4b1e-a56f-3a4a89cf4c19"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-377"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202003-0702

    Vulnerability from variot - Updated: 2024-11-23 22:37

    An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state= using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len("/etc/config-tools/config_interfaces interface=X1 state=") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0702",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "200"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          }
        ]
      },
      "cve": "CVE-2019-5185",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2019-5185",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015201",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-16629",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2019-5185",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015201",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5185",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015201",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16629",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-380",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(\"/etc/config-tools/config_interfaces interface=X1 state=\") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5185",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0966",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "95A5A5B2-E3A6-42CF-88BA-0C970444C3D3",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "id": "VAR-202003-0702",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          }
        ],
        "trust": 1.5434559300000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:31.182000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0966"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5185"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5185"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "date": "2020-04-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "date": "2020-03-23T14:15:13.283000",
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16629"
          },
          {
            "date": "2020-04-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          },
          {
            "date": "2024-11-21T04:44:30.733000",
            "db": "NVD",
            "id": "CVE-2019-5185"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Classic buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015201"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "95a5a5b2-e3a6-42cf-88ba-0c970444c3d3"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-380"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201802-1047

    Vulnerability from variot - Updated: 2024-11-23 22:34

    An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. WAGO PFC200 series 3S CoDeSys Runtime Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a bus editable logic controller module from WAGO, Germany

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1047",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "02.07.07\\(10\\)"
          },
          {
            "model": "pfc200",
            "scope": null,
            "trust": 0.8,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc200 series 3s codesys runtime",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "2.3.x"
          },
          {
            "model": "pfc200 series 3s codesys runtime",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "2.4.x"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc200",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          }
        ]
      },
      "cve": "CVE-2018-5459",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5459",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03481",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5459",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5459",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5459",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03481",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-950",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5459",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455. WAGO PFC200 series 3S CoDeSys Runtime Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a bus editable logic controller module from WAGO, Germany",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5459",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-044-01",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E3EDCF-39AB-11E9-A1CC-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "id": "VAR-201802-1047",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          }
        ],
        "trust": 1.57459148
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:34:20.209000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://global.wago.com/jp/"
          },
          {
            "title": "WAGO PFC200 Series Patch for Incorrect Authentication Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/117903"
          },
          {
            "title": "WAGO PFC200 Series 3S CoDeSys Runtime Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100278"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-044-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5459"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5459"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56812"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "IVD",
            "id": "e2e3edcf-39ab-11e9-a1cc-000c29342cb1"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "date": "2018-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "date": "2018-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "date": "2018-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "date": "2018-02-13T21:29:00.207000",
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03481"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5459"
          },
          {
            "date": "2018-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          },
          {
            "date": "2024-11-21T04:08:50.547000",
            "db": "NVD",
            "id": "CVE-2018-5459"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 series  3S CoDeSys Runtime Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002446"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-950"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0682

    Vulnerability from variot - Updated: 2024-11-23 22:29

    An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. WAGO PFC 200 There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0682",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          }
        ]
      },
      "cve": "CVE-2019-5160",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5160",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014880",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-17492",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-5160",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014880",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5160",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014880",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17492",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-311",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. WAGO PFC 200 There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5160",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0953",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8131A6F8-7D34-497E-B837-3C3A9ECD1E06",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "51EF958E-045E-4FF7-9809-F60A4D94B2B8",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "id": "VAR-202003-0682",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:41.626000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0953"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5160"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5160"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "date": "2020-03-11T22:27:41.097000",
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17492"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014880"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          },
          {
            "date": "2024-11-21T04:44:27.900000",
            "db": "NVD",
            "id": "CVE-2019-5160"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Input validation error vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "8131a6f8-7d34-497e-b837-3c3a9ecd1e06"
          },
          {
            "db": "IVD",
            "id": "51ef958e-045e-4ff7-9809-f60a4d94b2b8"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-311"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202003-0676

    Vulnerability from variot - Updated: 2024-11-23 22:29

    The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. WAGO PFC100 is a programmable logic controller (PLC) of German WAGO company.

    WAGO PFC100 has a source management error vulnerability, which can be exploited by attackers to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0676",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc100",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc100",
            "version": "03.01.07(13)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          }
        ]
      },
      "cve": "CVE-2019-5149",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5149",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014879",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-17496",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5149",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014879",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5149",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014879",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17496",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-365",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "abe4ff05-654d-43a6-8d55-b27e00db4977",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-5149",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). WAGO PFC100 and PFC2000 Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. WAGO PFC100 is a programmable logic controller (PLC) of German WAGO company. \n\r\n\r\nWAGO PFC100 has a source management error vulnerability, which can be exploited by attackers to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5149",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0939",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365",
            "trust": 1.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0953",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8C3A524C-6B85-4B7F-A3BE-1A8890B51501",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "ABE4FF05-654D-43A6-8D55-B27E00DB4977",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "id": "VAR-202003-0676",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          }
        ],
        "trust": 1.55227211
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:41.589000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0939"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5149"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5149"
          },
          {
            "trust": 0.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0953"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "date": "2020-03-11T22:27:40.583000",
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-5149"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014879"
          },
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          },
          {
            "date": "2024-11-21T04:44:26.647000",
            "db": "NVD",
            "id": "CVE-2019-5149"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC100 Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17496"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "8c3a524c-6b85-4b7f-a3be-1a8890b51501"
          },
          {
            "db": "IVD",
            "id": "abe4ff05-654d-43a6-8d55-b27e00db4977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-365"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202003-0683

    Vulnerability from variot - Updated: 2024-11-23 22:25

    An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. WAGO PFC 200 Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0683",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          }
        ]
      },
      "cve": "CVE-2019-5161",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5161",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014881",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-17491",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "835c124b-37aa-420f-8f53-faf79fa84dd6",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-5161",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014881",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5161",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014881",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17491",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-328",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "835c124b-37aa-420f-8f53-faf79fa84dd6",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. WAGO PFC 200 Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5161",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0954",
            "trust": 2.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "835C124B-37AA-420F-8F53-FAF79FA84DD6",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "35746FB2-1FF7-4D67-95B5-9CCAFFC74697",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "id": "VAR-202003-0683",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:35.330000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0954"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5161"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5161"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "date": "2020-03-11T22:27:41.160000",
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014881"
          },
          {
            "date": "2020-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          },
          {
            "date": "2024-11-21T04:44:28.010000",
            "db": "NVD",
            "id": "CVE-2019-5161"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Data Forgery Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "835c124b-37aa-420f-8f53-faf79fa84dd6"
          },
          {
            "db": "IVD",
            "id": "35746fb2-1ff7-4d67-95b5-9ccaffc74697"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17491"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-328"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0690

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0690",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          }
        ]
      },
      "cve": "CVE-2019-5172",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5172",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014925",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16846",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5172",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014925",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5172",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014925",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16846",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-336",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=\u003ccontents of ntp node\u003e using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5172",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "5DC15F03-AAF7-4B7A-9C5E-6A4C6D2A59D5",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "54C71273-2E49-4B24-8DD3-5AFD84EF1D81",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "id": "VAR-202003-0690",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:28.009000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5172"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5172"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "54c71273-2e49-4b24-8dd3-5afd84ef1d81"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "date": "2020-03-11T23:15:11.560000",
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16846"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          },
          {
            "date": "2024-11-21T04:44:29.287000",
            "db": "NVD",
            "id": "CVE-2019-5172"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014925"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-336"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0689

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address= using sprintf(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0689",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          }
        ]
      },
      "cve": "CVE-2019-5171",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5171",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014914",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16847",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014914",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5171",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014914",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16847",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-339",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=\u003ccontents of ip node\u003e using sprintf(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5171",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "2A3FDF54-04C3-46C8-B3D3-BA629AFB21CB",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "BC349DAF-30EC-4927-8C84-9E2EEF177F0C",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "id": "VAR-202003-0689",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.974000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5171"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5171"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "2a3fdf54-04c3-46c8-b3d3-ba629afb21cb"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "bc349daf-30ec-4927-8c84-9e2eef177f0c"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "date": "2020-03-12T00:15:18.087000",
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16847"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          },
          {
            "date": "2024-11-21T04:44:29.173000",
            "db": "NVD",
            "id": "CVE-2019-5171"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014914"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-339"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0685

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. An attacker could exploit this vulnerability to inject OS commands through a specially crafted XML cache file

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0685",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          }
        ]
      },
      "cve": "CVE-2019-5167",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5167",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014882",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16842",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "df2bebb0-ea1e-4491-b729-e46407bfea82",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5167",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014882",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5167",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014882",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16842",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-360",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "df2bebb0-ea1e-4491-b729-e46407bfea82",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=\u003ccontents of dns node\u003e using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. An attacker could exploit this vulnerability to inject OS commands through a specially crafted XML cache file",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5167",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "DF2BEBB0-EA1E-4491-B729-E46407BFEA82",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "6F20EC81-7D78-4047-889D-0E6CA4B0206C",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "id": "VAR-202003-0685",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.940000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5167"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5167"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "df2bebb0-ea1e-4491-b729-e46407bfea82"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "6f20ec81-7d78-4047-889d-0e6ca4b0206c"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "date": "2020-03-11T22:27:41.380000",
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16842"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          },
          {
            "date": "2022-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          },
          {
            "date": "2024-11-21T04:44:28.727000",
            "db": "NVD",
            "id": "CVE-2019-5167"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 Injection vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014882"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-360"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0687

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value= using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0687",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          }
        ]
      },
      "cve": "CVE-2019-5169",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5169",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014912",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16840",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "13da69be-aba0-4136-bddd-ce2c3d493a07",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "d20ba407-e974-4938-aca3-4773054a5f46",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5169",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014912",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5169",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014912",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16840",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-348",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "13da69be-aba0-4136-bddd-ce2c3d493a07",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "d20ba407-e974-4938-aca3-4773054a5f46",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=\u003ccontents of gateway node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5169",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "13DA69BE-ABA0-4136-BDDD-CE2C3D493A07",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D20BA407-E974-4938-ACA3-4773054A5F46",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "id": "VAR-202003-0687",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.905000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5169"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5169"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "13da69be-aba0-4136-bddd-ce2c3d493a07"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "d20ba407-e974-4938-aca3-4773054a5f46"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "date": "2020-03-12T00:15:17.960000",
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16840"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          },
          {
            "date": "2024-11-21T04:44:28.947000",
            "db": "NVD",
            "id": "CVE-2019-5169"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014912"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-348"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0691

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state= using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0691",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          }
        ]
      },
      "cve": "CVE-2019-5173",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5173",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014926",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16845",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5173",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014926",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5173",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014926",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16845",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-331",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=\u003ccontents of state node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5173",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8D31DE5D-FE5D-4F4B-A573-0391D6016CE8",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "33A0ABC6-23A0-4441-82A6-16B3B4F12D8D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "id": "VAR-202003-0691",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.871000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5173"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5173"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "8d31de5d-fe5d-4f4b-a573-0391d6016ce8"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "33a0abc6-23a0-4441-82a6-16b3b4f12d8d"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "date": "2020-03-11T23:15:11.620000",
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16845"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          },
          {
            "date": "2024-11-21T04:44:29.397000",
            "db": "NVD",
            "id": "CVE-2019-5173"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014926"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-331"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0692

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask= using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0692",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          }
        ]
      },
      "cve": "CVE-2019-5174",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5174",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014927",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16844",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "208ab9d6-2954-4e07-881e-503940c90652",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5174",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014927",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5174",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014927",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16844",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-330",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "208ab9d6-2954-4e07-881e-503940c90652",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=\u003ccontents of subnetmask node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5174",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "21A562C4-5F87-40E1-87BC-F2A2A7EED573",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "208AB9D6-2954-4E07-881E-503940C90652",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "id": "VAR-202003-0692",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.836000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5174"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5174"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "21a562c4-5f87-40e1-87bc-f2a2a7eed573"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "208ab9d6-2954-4e07-881e-503940c90652"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "date": "2020-03-11T23:15:11.700000",
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16844"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          },
          {
            "date": "2024-11-21T04:44:29.510000",
            "db": "NVD",
            "id": "CVE-2019-5174"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014927"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-330"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0686

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name= using sprintf().This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0686",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          }
        ]
      },
      "cve": "CVE-2019-5168",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5168",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014883",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16841",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "fa3fd774-34c0-4201-90d7-ef26130799d5",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "8ac74de1-9894-453a-b57a-9298929035dc",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5168",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014883",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5168",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014883",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16841",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-351",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "fa3fd774-34c0-4201-90d7-ef26130799d5",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "8ac74de1-9894-453a-b57a-9298929035dc",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=\u003ccontents of domainname node\u003e using sprintf().This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5168",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "FA3FD774-34C0-4201-90D7-EF26130799D5",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "8AC74DE1-9894-453A-B57A-9298929035DC",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "id": "VAR-202003-0686",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.801000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5168"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5168"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "fa3fd774-34c0-4201-90d7-ef26130799d5"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "8ac74de1-9894-453a-b57a-9298929035dc"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "date": "2020-03-11T22:27:41.443000",
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16841"
          },
          {
            "date": "2020-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          },
          {
            "date": "2024-11-21T04:44:28.840000",
            "db": "NVD",
            "id": "CVE-2019-5168"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014883"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-351"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0688

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname= using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0688",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          }
        ]
      },
      "cve": "CVE-2019-5170",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5170",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014913",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16848",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "2859c97c-4041-4692-8686-f7c0c743d9d6",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5170",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014913",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5170",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014913",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16848",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-345",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2859c97c-4041-4692-8686-f7c0c743d9d6",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=\u003ccontents of hostname node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5170",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "2859C97C-4041-4692-8686-F7C0C743D9D6",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "BD8523E7-9DE1-4EAC-9055-2EAF59E6A50F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "id": "VAR-202003-0688",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          }
        ],
        "trust": 1.63251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.768000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5170"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5170"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "2859c97c-4041-4692-8686-f7c0c743d9d6"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "bd8523e7-9de1-4eac-9055-2eaf59e6a50f"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "date": "2020-03-12T00:15:18.023000",
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16848"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          },
          {
            "date": "2024-11-21T04:44:29.060000",
            "db": "NVD",
            "id": "CVE-2019-5170"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014913"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-345"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0693

    Vulnerability from variot - Updated: 2024-11-23 21:59

    An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type= using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0693",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.02.02(14)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.02.02\\(14\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc200",
            "version": "03.02.02(14)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          }
        ]
      },
      "cve": "CVE-2019-5175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5175",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014928",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16843",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5175",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014928",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5175",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014928",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16843",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-329",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=\u003ccontents of type node\u003e using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5175",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0962",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "CE9CB0A6-0CF5-4815-BC50-D312C9BEA66E",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "id": "VAR-202003-0693",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          }
        ],
        "trust": 1.43251626
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:27.737000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0962"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5175"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5175"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-09T00:00:00",
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "date": "2020-03-11T23:15:11.747000",
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014928"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          },
          {
            "date": "2024-11-21T04:44:29.620000",
            "db": "NVD",
            "id": "CVE-2019-5175"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Command injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ce9cb0a6-0cf5-4815-bc50-d312c9bea66e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16843"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-329"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-0422

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO.

    There is a buffer overflow vulnerability in the 'I / O-Check' function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0422",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wago",
            "version": "03.01.07(12)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          }
        ]
      },
      "cve": "CVE-2019-5082",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5082",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-03737",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5082",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-5082",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5082",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5082",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-03737",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-915",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. \n\r\n\r\nThere is a buffer overflow vulnerability in the \u0027I / O-Check\u0027 function in WAGO PFC200 and PFC100. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5082",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0874",
            "trust": 2.4
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2019-022",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "id": "VAR-202001-0422",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          }
        ],
        "trust": 1.1522721100000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "Patch for WAGO PFC 200 \u0027I / O-Check\u0027 Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/199035"
          },
          {
            "title": "WAGO PFC200  and PFC100 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106686"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5082"
          },
          {
            "trust": 1.2,
            "url": "https://cert.vde.com/de-de/advisories/vde-2019-022"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5082"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "date": "2020-01-08T17:15:11.837000",
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03737"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          },
          {
            "date": "2020-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          },
          {
            "date": "2024-11-21T04:44:18.983000",
            "db": "NVD",
            "id": "CVE-2019-5082"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 and  PFC100 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-915"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201912-0778

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains an out-of-bounds write vulnerability for a critical function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.

    WAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0778",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5079",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5079",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46395",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "370be516-5627-47d6-9e74-a8561eee7d4d",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5079",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-5079",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5079",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5079",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46395",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-739",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "370be516-5627-47d6-9e74-a8561eee7d4d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains an out-of-bounds write vulnerability for a critical function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5079",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0871",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "370BE516-5627-47D6-9E74-A8561EEE7D4D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "id": "VAR-201912-0778",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.341000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "WAGO PFC 200  and WAGO PFC100 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105556"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0871"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5079"
          },
          {
            "trust": 1.2,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0871"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5079"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "date": "2020-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "date": "2019-12-18T21:15:14.163000",
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46395"
          },
          {
            "date": "2020-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          },
          {
            "date": "2020-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          },
          {
            "date": "2024-11-21T04:44:18.630000",
            "db": "NVD",
            "id": "CVE-2019-5079"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 and  PFC100 Firmware out-of-bounds vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013722"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "370be516-5627-47d6-9e74-a8561eee7d4d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-739"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201912-0774

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.

    WAGO PFC200 has a buffer overflow vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0774",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5075",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5075",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46398",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "027060de-fc78-4359-ac1f-580c302f96c8",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5075",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-5075",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5075",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5075",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46398",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-734",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "027060de-fc78-4359-ac1f-580c302f96c8",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service \"I/O-Check\" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5075",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0864",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "47153",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "027060DE-FC78-4359-AC1F-580C302F96C8",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "id": "VAR-201912-0774",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.310000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "WAGO PFC 200  and WAGO PFC100 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106022"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0864"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5075"
          },
          {
            "trust": 1.2,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0864"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5075"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47153"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "date": "2019-12-18T21:15:14.007000",
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013745"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          },
          {
            "date": "2024-11-21T04:44:18.160000",
            "db": "NVD",
            "id": "CVE-2019-5075"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46398"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "027060de-fc78-4359-ac1f-580c302f96c8"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-734"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201912-0779

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can Exploitation of this vulnerability resulted in a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0779",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5080",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5080",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46629",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5080",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-5080",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5080",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5080",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46629",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-742",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial-of-service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 and WAGO PFC100 are both programmable logic controllers (PLCs) from the German company WAGO. Attackers can Exploitation of this vulnerability resulted in a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5080",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0872",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47155",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "AC656BE7-CAA8-4D9A-BD23-A4A8AE420DA6",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "id": "VAR-201912-0779",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.278000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0872"
          },
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0872"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5080"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5080"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47155"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-24T00:00:00",
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "date": "2019-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "date": "2020-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "date": "2019-12-18T21:15:14.240000",
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46629"
          },
          {
            "date": "2020-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          },
          {
            "date": "2024-11-21T04:44:18.750000",
            "db": "NVD",
            "id": "CVE-2019-5080"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 and  PFC100 Vulnerability related to lack of certification for critical functions in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013723"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "ac656be7-caa8-4d9a-bd23-a4a8ae420da6"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-742"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201912-0777

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.

    WAGO PFC200 has an access control error vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0777",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "03.00.3912"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "03.00.3912"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wago",
            "version": "03.01.0713"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5078",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5078",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46399",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5078",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-5078",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5078",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5078",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46399",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-733",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial of service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware is vulnerable to a lack of authentication for critical functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an access control error vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5078",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0870",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "188ECB88-1B7C-4AB4-9617-D7DD2D2084B8",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "id": "VAR-201912-0777",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.247000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0870"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5078"
          },
          {
            "trust": 1.2,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0870"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5078"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "date": "2019-12-18T21:15:14.083000",
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013746"
          },
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          },
          {
            "date": "2024-11-21T04:44:18.513000",
            "db": "NVD",
            "id": "CVE-2019-5078"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Access Control Error Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46399"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "188ecb88-1b7c-4ab4-9617-d7dd2d2084b8"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-733"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201912-0772

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.

    WAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0772",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5073",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5073",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46397",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5073",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-5073",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5073",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5073",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46397",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-735",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable information exposure vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC 200 and PFC100 Firmware contains an information disclosure vulnerability.Information may be obtained. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has an information disclosure vulnerability. The vulnerability stems from configuration errors during the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information about the affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5073",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0862",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "47152",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "32CFF3E1-62C7-4B0D-9C9D-F140EBBC5A6F",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "id": "VAR-201912-0772",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.213000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "WAGO PFC 200  and WAGO PFC100 Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106023"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0862"
          },
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0862"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5073"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5073"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47152"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "date": "2019-12-18T21:15:13.897000",
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013744"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          },
          {
            "date": "2024-11-21T04:44:17.933000",
            "db": "NVD",
            "id": "CVE-2019-5073"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC200 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "32cff3e1-62c7-4b0d-9c9d-f140ebbc5a6f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46397"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-735"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201912-0780

    Vulnerability from variot - Updated: 2024-11-23 21:51

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO.

    WAGO PFC200 has a buffer overflow vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0780",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.01.07(13)"
          },
          {
            "model": "pfc200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc100",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "wago",
            "version": "03.00.39(12)"
          },
          {
            "model": "pfc 100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.00.39\\(12\\)"
          },
          {
            "model": "pfc 200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.01.07\\(13\\)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.00.39(12)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 200",
            "version": "03.01.07(13)"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pfc 100",
            "version": "03.00.39(12)"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:wago:pfc200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Kelly Leuschner of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5081",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5081",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-46394",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5081",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-5081",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5081",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5081",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-46394",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-745",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Chec\u0027\u0027 functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. \n\nWAGO PFC200 has a buffer overflow vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5081",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0873",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0874",
            "trust": 2.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0842",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-065-01",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "C6438B63-D1BB-46D1-9B83-34F99FD9E90B",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "id": "VAR-201912-0780",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          }
        ],
        "trust": 1.374945585
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:49.180000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.wago.com/us/"
          },
          {
            "title": "WAGO PFC 200  and PFC100 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105557"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0873"
          },
          {
            "trust": 1.8,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0873"
          },
          {
            "trust": 1.6,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0874"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5081"
          },
          {
            "trust": 1.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0874"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5081"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0842/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "date": "2019-12-18T20:15:16.917000",
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-46394"
          },
          {
            "date": "2020-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          },
          {
            "date": "2021-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          },
          {
            "date": "2024-11-21T04:44:18.867000",
            "db": "NVD",
            "id": "CVE-2019-5081"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAGO PFC 200 and  PFC100 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013791"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "c6438b63-d1bb-46d1-9b83-34f99fd9e90b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-745"
          }
        ],
        "trust": 0.8
      }
    }