ID

VAR-202003-0678


CVE

CVE-2019-5156


TITLE

OS command injection vulnerability in WAGO PFC 200

Trust: 0.8

sources: JVNDB: JVNDB-2019-014977

DESCRIPTION

An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. WAGO PFC 200 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO PFC200 is a programmable logic controller (PLC) made by the German company WAGO.

Trust: 2.52

sources: NVD: CVE-2019-5156 // JVNDB: JVNDB-2019-014977 // CNVD: CNVD-2020-19519 // IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf // IVD: d31da0e1-ddee-4689-915a-172880949664

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.4

sources: IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf // IVD: d31da0e1-ddee-4689-915a-172880949664 // CNVD: CNVD-2020-19519

AFFECTED PRODUCTS

vendor: wago, model: pfc200, scope: eq, version: 03.01.07(13)

Trust: 1.4

vendor: wago, model: pfc200, scope: eq, version: 03.00.39(12)

Trust: 1.4

vendor: wago, model: pfc200, scope: eq, version: 03.02.02(14)

Trust: 1.4

vendor: wago, model: pfc200, scope: eq, version: 03.01.07\(13\)

Trust: 1.0

vendor: wago, model: pfc200, scope: eq, version: 03.02.02\(14\)

Trust: 1.0

vendor: wago, model: pfc200, scope: eq, version: 03.00.39\(12\)

Trust: 1.0

vendor: pfc200, model: -, scope: eq, version: 03.00.39(12)

Trust: 0.4

vendor: pfc200, model: -, scope: eq, version: 03.01.07(13)

Trust: 0.4

vendor: pfc200, model: -, scope: eq, version: 03.02.02(14)

Trust: 0.4

sources: IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf // IVD: d31da0e1-ddee-4689-915a-172880949664 // CNVD: CNVD-2020-19519 // JVNDB: JVNDB-2019-014977 // NVD: CVE-2019-5156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5156
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014977
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-19519
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-325
value: HIGH

Trust: 0.6

IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf
value: HIGH

Trust: 0.2

IVD: d31da0e1-ddee-4689-915a-172880949664
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-5156
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014977
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19519
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d31da0e1-ddee-4689-915a-172880949664
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5156
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014977
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf // IVD: d31da0e1-ddee-4689-915a-172880949664 // CNVD: CNVD-2020-19519 // JVNDB: JVNDB-2019-014977 // CNNVD: CNNVD-202003-325 // NVD: CVE-2019-5156

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014977 // NVD: CVE-2019-5156

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-325

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-325

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014977

PATCH

title: Top Page, url: https://www.wago.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-014977

EXTERNAL IDS

db: NVD, id: CVE-2019-5156

Trust: 3.4

db: TALOS, id: TALOS-2019-0949

Trust: 3.0

db: CNVD, id: CNVD-2020-19519

Trust: 1.0

db: CNNVD, id: CNNVD-202003-325

Trust: 1.0

db: JVNDB, id: JVNDB-2019-014977

Trust: 0.8

db: IVD, id: 769FF9A1-2CCE-467C-9DB4-BED545D61CCF

Trust: 0.2

db: IVD, id: D31DA0E1-DDEE-4689-915A-172880949664

Trust: 0.2

sources: IVD: 769ff9a1-2cce-467c-9db4-bed545d61ccf // IVD: d31da0e1-ddee-4689-915a-172880949664 // CNVD: CNVD-2020-19519 // JVNDB: JVNDB-2019-014977 // CNNVD: CNNVD-202003-325 // NVD: CVE-2019-5156

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0949

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-5156

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5156

Trust: 0.8

sources: CNVD: CNVD-2020-19519 // JVNDB: JVNDB-2019-014977 // CNNVD: CNNVD-202003-325 // NVD: CVE-2019-5156

SOURCES

db: IVD, id: 769ff9a1-2cce-467c-9db4-bed545d61ccf
db: IVD, id: d31da0e1-ddee-4689-915a-172880949664
db: CNVD, id: CNVD-2020-19519
db: JVNDB, id: JVNDB-2019-014977
db: CNNVD, id: CNNVD-202003-325
db: NVD, id: CVE-2019-5156

LAST UPDATE DATE

2024-11-23T23:01:30.628000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19519, date: 2020-03-25T00:00:00
db: JVNDB, id: JVNDB-2019-014977, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-325, date: 2020-03-26T00:00:00
db: NVD, id: CVE-2019-5156, date: 2024-11-21T04:44:27.447

SOURCES RELEASE DATE

db: IVD, id: 769ff9a1-2cce-467c-9db4-bed545d61ccf, date: 2020-03-09T00:00:00
db: IVD, id: d31da0e1-ddee-4689-915a-172880949664, date: 2020-03-09T00:00:00
db: CNVD, id: CNVD-2020-19519, date: 2020-03-25T00:00:00
db: JVNDB, id: JVNDB-2019-014977, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-325, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2019-5156, date: 2020-03-11T22:27:40.817