SB2019121708 - Multiple vulnerabilities in WAGO PFC200 and PFC100
Published: December 17, 2019 Updated: March 6, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-5081)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the iocheckd service "I/O-Check" functionality within the ReadPCBManuNum message processing code. A remote attacker can send a specially crafted set of packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2019-5077)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an insufficient authentication mechanism in the iocheckd service "I/O-Check" functionality. A remote attacker can send a specially crafted set of packets which will overwrite the MAC Address stored persistently on the device, cause a denial of service, resulting in the device entering an error state where it ceases all network communications.
3) Missing Authentication for Critical Function (CVE-ID: CVE-2019-5080)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an insufficient authentication mechanism in the iocheckd service "I/O-Check" functionality within the factory restore procedure. A remote attacker can send a specially crafted packet, cause a denial of service condition and weaken credentials resulting in the default documented credentials being applied to the device.
4) Information disclosure (CVE-ID: CVE-2019-5073)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation in the iocheckd service "I/O-Check" functionality. A remote attacker can send a specially crafted set of packets, cause an external tool to fail and gain unauthorized access to sensitive information on the system.
5) Buffer overflow (CVE-ID: CVE-2019-5079)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the iocheckd service "I/O-Check" functionality within the ReadPSN message processing code. A remote attacker can send a specially crafted set of packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Missing Authentication for Critical Function (CVE-ID: CVE-2019-5078)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an insufficient authentication mechanism in the iocheckd service "I/O-Check" functionality. A remote attacker can send a specially crafted set of packets and cause a denial of service condition, resulting in the device entering an error state where it ceases all network communications.
7) Buffer overflow (CVE-ID: CVE-2019-5075)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in iocheckd service "I/O-Check" functionality in the command line utility "getcouplerdetails". A remote attacker can send a specially crafted set of packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Buffer overflow (CVE-ID: CVE-2019-5074)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the iocheckd service "I/O-Check" functionality when generating a response to the "BC_ProductLabel" message. A remote attacker can send a specially crafted set of packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Buffer overflow (CVE-ID: CVE-2019-5082)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the iocheckd service "I/O-Check" functionality within the ReadPCBManuNum message processing code. A remote attacker can send a specially crafted set of packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0873
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0869
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0872
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0862
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0871
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0870
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0864
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0863
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0874