#VU23634 Missing Authentication for Critical Function in Wago PFC200 Controller and WAGO PFC100 Controller - CVE-2019-5078
Published: December 17, 2019
Vulnerability identifier: #VU23634
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-5078
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Wago PFC200 Controller
WAGO PFC100 Controller
Wago PFC200 Controller
WAGO PFC100 Controller
Software vendor:
WAGO
WAGO
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an insufficient authentication mechanism in the iocheckd service "I/O-Check" functionality. A remote attacker can send a specially crafted set of packets and cause a denial of service condition, resulting in the device entering an error state where it ceases all network communications.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.