#VU23638 Missing Authentication for Critical Function in Wago PFC200 Controller and WAGO PFC100 Controller - CVE-2019-5080
Published: December 17, 2019
Vulnerability identifier: #VU23638
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-5080
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Wago PFC200 Controller
WAGO PFC100 Controller
Wago PFC200 Controller
WAGO PFC100 Controller
Software vendor:
WAGO
WAGO
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an insufficient authentication mechanism in the iocheckd service "I/O-Check" functionality within the factory restore procedure. A remote attacker can send a specially crafted packet, cause a denial of service condition and weaken credentials resulting in the default documented credentials being applied to the device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.