Main Vulnerability Database Vulnerabilities #VU26258

#VU26258 Insufficient verification of data authenticity in Wago PFC200 Controller - CVE-2019-5161

Published: March 20, 2020

Vulnerability identifier: #VU26258

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-5161

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Wago PFC200 Controller

Software vendor:
WAGO

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists within the Cloud Connectivity functionality due to the affected software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. A remote administrator can use a specially crafted XML file and execute a shell script with root privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0954

#VU26258 Insufficient verification of data authenticity in Wago PFC200 Controller - CVE-2019-5161

Description

Remediation

External links

Please verify you're human