Details of VAR-202003-0690

ID

VAR-202003-0690

CVE

CVE-2019-5172

TITLE

WAGO PFC 200 In firmware OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014925

DESCRIPTION

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

Trust: 2.52

sources: NVD: CVE-2019-5172 // JVNDB: JVNDB-2019-014925 // CNVD: CNVD-2020-16846 // IVD: 5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5 // IVD: 54c71273-2e49-4b24-8dd3-5afd84ef1d81

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.4

sources: IVD: 5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5 // IVD: 54c71273-2e49-4b24-8dd3-5afd84ef1d81 // CNVD: CNVD-2020-16846

AFFECTED PRODUCTS

vendor:	wago	model:	pfc200	scope:	eq	version:	03.02.02(14)	Trust: 1.4
vendor:	wago	model:	pfc200	scope:	eq	version:	03.02.02\(14\)	Trust: 1.0
vendor:	pfc200	model:	-	scope:	eq	version:	03.02.02(14)	Trust: 0.4

sources: IVD: 5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5 // IVD: 54c71273-2e49-4b24-8dd3-5afd84ef1d81 // CNVD: CNVD-2020-16846 // JVNDB: JVNDB-2019-014925 // NVD: CVE-2019-5172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5172
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014925
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16846
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-336
value:	HIGH
Trust: 0.6
IVD:	5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5
value:	HIGH
Trust: 0.2
IVD:	54c71273-2e49-4b24-8dd3-5afd84ef1d81
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-5172
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014925
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-16846
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	54c71273-2e49-4b24-8dd3-5afd84ef1d81
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-5172
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014925
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5 // IVD: 54c71273-2e49-4b24-8dd3-5afd84ef1d81 // CNVD: CNVD-2020-16846 // JVNDB: JVNDB-2019-014925 // CNNVD: CNNVD-202003-336 // NVD: CVE-2019-5172

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014925 // NVD: CVE-2019-5172

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-336

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-336

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014925

PATCH

title:

Top Page

url:

https://www.wago.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-014925

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5172	Trust: 3.4
db:	TALOS	id:	TALOS-2019-0962	Trust: 3.0
db:	CNVD	id:	CNVD-2020-16846	Trust: 1.0
db:	CNNVD	id:	CNNVD-202003-336	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-014925	Trust: 0.8
db:	IVD	id:	5DC15F03-AAF7-4B7A-9C5E-6A4C6D2A59D5	Trust: 0.2
db:	IVD	id:	54C71273-2E49-4B24-8DD3-5AFD84EF1D81	Trust: 0.2

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0962	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5172	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5172	Trust: 0.8

sources: CNVD: CNVD-2020-16846 // JVNDB: JVNDB-2019-014925 // CNNVD: CNNVD-202003-336 // NVD: CVE-2019-5172

SOURCES

db:	IVD	id:	5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5
db:	IVD	id:	54c71273-2e49-4b24-8dd3-5afd84ef1d81
db:	CNVD	id:	CNVD-2020-16846
db:	JVNDB	id:	JVNDB-2019-014925
db:	CNNVD	id:	CNNVD-202003-336
db:	NVD	id:	CVE-2019-5172

LAST UPDATE DATE

2024-11-23T21:59:28.009000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16846	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014925	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-336	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2019-5172	date:	2024-11-21T04:44:29.287

SOURCES RELEASE DATE

db:	IVD	id:	5dc15f03-aaf7-4b7a-9c5e-6a4c6d2a59d5	date:	2020-03-09T00:00:00
db:	IVD	id:	54c71273-2e49-4b24-8dd3-5afd84ef1d81	date:	2020-03-09T00:00:00
db:	CNVD	id:	CNVD-2020-16846	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014925	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-336	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2019-5172	date:	2020-03-11T23:15:11.560