VDE-2019-022
Vulnerability from csaf_wagogmbhcokg - Published: 2019-12-16 09:00 - Updated: 2019-12-16 09:00Summary
WAGO: Multiple Vulnerabilities in I/O-Check Service in Multiple Devices
Notes
Summary: The reported vulnerabilities allow a remote attacker to change the setting, delete the application, set the device to factory defaults, code execution and to cause a system crash or denial of service.
Note(s)
The following products are affected by the listed vulnerabilities:
Series PFC100 (750-81xx/xxx-xxx)
Series PFC200 (750-82xx/xxx-xxx)
The following products are affected by the vulnerability CVE-2019-5078
750-852, 750-831/xxx-xxx, 750-881, 750-880/xxx-xxx, 750-889
750-823, 750-832/xxx-xxx, 750-862, 750-890/xxx-xxx, 750-891
Impact: These vulnerabilities allow an attacker to manipulate the settings or disturb the basic function of the device via specially crafted IP packets. This can be potentially used to get control of the device.
Mitigation: Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Remediation: The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
9.8 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
9.8 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
9.8 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
9.8 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
9.8 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.
5.3 (Medium)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.
9.1 (Critical)
Mitigation
Restrict network access to the device.
Do not directly connect the device to the internet.
Disable unused TCP/UDP-ports
Vendor Fix
The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.
Regardless of the action described above, the following CVEs can be fixed alternatively by a firmware update >= FW 15.
CVE-2019-5073
CVE-2019-5074
CVE-2019-5075
CVE-2019-5079
CVE-2019-5081
CVE-2019-5082
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
Cisco Talos
Kelly Leuschner
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Kelly Leuschner"
],
"organization": "Cisco Talos",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The reported vulnerabilities allow a remote attacker to change the setting, delete the application, set the device to factory defaults, code execution and to cause a system crash or denial of service.\n\nNote(s)\n\nThe following products are affected by the listed vulnerabilities:\n\nSeries PFC100 (750-81xx/xxx-xxx)\nSeries PFC200 (750-82xx/xxx-xxx)\n\nThe following products are affected by the vulnerability CVE-2019-5078\n\n750-852, 750-831/xxx-xxx, 750-881, 750-880/xxx-xxx, 750-889\n\n750-823, 750-832/xxx-xxx, 750-862, 750-890/xxx-xxx, 750-891",
"title": "Summary"
},
{
"category": "description",
"text": "These vulnerabilities allow an attacker to manipulate the settings or disturb the basic function of the device via specially crafted IP packets. This can be potentially used to get control of the device.",
"title": "Impact"
},
{
"category": "description",
"text": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"title": "Mitigation"
},
{
"category": "description",
"text": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2019-022: WAGO: Multiple Vulnerabilities in I/O-Check Service in Multiple Devices - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-022/"
},
{
"category": "self",
"summary": "VDE-2019-022: WAGO: Multiple Vulnerabilities in I/O-Check Service in Multiple Devices - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-022.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple Vulnerabilities in I/O-Check Service in Multiple Devices",
"tracking": {
"aliases": [
"VDE-2019-022"
],
"current_release_date": "2019-12-16T09:00:00.000Z",
"generator": {
"date": "2025-04-23T08:38:46.673Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2019-022",
"initial_release_date": "2019-12-16T09:00:00.000Z",
"revision_history": [
{
"date": "2019-12-16T09:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-81xx/xxx-xxx (PFC100)",
"product": {
"name": "750-81xx/xxx-xxx (PFC100)",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-82xx/xxx-xxx (PFC200)",
"product": {
"name": "750-82xx/xxx-xxx (PFC200)",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-831/xxx-xxx",
"product": {
"name": "750-831/xxx-xxx",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-832/xxx-xxx",
"product": {
"name": "750-832/xxx-xxx",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "750-852",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "750-880/xxx-xxx",
"product": {
"name": "750-880/xxx-xxx",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "750-881",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "750-889",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "750-890/xxx-xxx",
"product": {
"name": "750-890/xxx-xxx",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11013"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFW15",
"product": {
"name": "Firmware \u003cFW15",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "FW15",
"product": {
"name": "Firmware FW15",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-81xx/xxx-xxx (PFC100)",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-823",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-82xx/xxx-xxx (PFC200)",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-831/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-852",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-891",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-862",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-880/xxx-xxx",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-881",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-889",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-81xx/xxx-xxx (PFC100)",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-823",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-82xx/xxx-xxx (PFC200)",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-831/xxx-xxx",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-852",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-891",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-862",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-880/xxx-xxx",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-881",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-889",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW15 installed on 750-891",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-891",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5082",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5082"
},
{
"cve": "CVE-2019-5081",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Chec\u0027\u0027 functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5081"
},
{
"cve": "CVE-2019-5079",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5079"
},
{
"cve": "CVE-2019-5075",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service \"I/O-Check\" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5075"
},
{
"cve": "CVE-2019-5074",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service \u0027\u0027I/O-Check\u0027\u0027 functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5074"
},
{
"cve": "CVE-2019-5073",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An exploitable information exposure vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5073"
},
{
"cve": "CVE-2019-5078",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "An exploitable denial of service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict network access to the device.\nDo not directly connect the device to the internet.\nDisable unused TCP/UDP-ports",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The I/O-Check service protocol is only needed during installation and commissioning, not during normal operations. It is highly recommended to disable the IP-port 6626 after commissioning. This is the easiest and securest way to protect your device for the listed vulnerabilities and for upcoming zero day exploits.\n\nRegardless of the action described above, the following CVEs can be fixed alternatively by a firmware update \u003e= FW 15.\n\nCVE-2019-5073\n\nCVE-2019-5074\n\nCVE-2019-5075\n\nCVE-2019-5079\n\nCVE-2019-5081\n\nCVE-2019-5082",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013"
]
}
],
"title": "CVE-2019-5078"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…