ID

VAR-202003-0691


CVE

CVE-2019-5173


TITLE

OS command injection vulnerability in WAGO PFC 200 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-014926

DESCRIPTION

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc, the state value extracted from the XML file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system(). The device may be put into a denial-of-service (DoS) state. WAGO PFC200 is a programmable logic controller (PLC) from the German company WAGO. The vulnerability stems from the network system or product failing to properly filter special characters, commands, and similar input when constructing an executable operating system command from external input data. An attacker could use this vulnerability to execute illegal operating system commands.

Trust: 2.52

sources: NVD: CVE-2019-5173 // JVNDB: JVNDB-2019-014926 // CNVD: CNVD-2020-16845 // IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8 // IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.4

sources: IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8 // IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d // CNVD: CNVD-2020-16845

AFFECTED PRODUCTS

vendor: wago, model: pfc200, scope: eq, version: 03.02.02(14)

Trust: 1.4

vendor: wago, model: pfc200, scope: eq, version: 03.02.02\(14\)

Trust: 1.0

vendor: pfc200, model: -, scope: eq, version: 03.02.02(14)

Trust: 0.4

sources: IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8 // IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d // CNVD: CNVD-2020-16845 // JVNDB: JVNDB-2019-014926 // NVD: CVE-2019-5173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5173
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014926
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16845
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-331
value: HIGH

Trust: 0.6

IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8
value: HIGH

Trust: 0.2

IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-5173
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014926
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-16845
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5173
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014926
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8 // IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d // CNVD: CNVD-2020-16845 // JVNDB: JVNDB-2019-014926 // CNNVD: CNNVD-202003-331 // NVD: CVE-2019-5173

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014926 // NVD: CVE-2019-5173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-331

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014926

PATCH

title: Top Page, url: https://www.wago.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-014926

EXTERNAL IDS

db: NVD, id: CVE-2019-5173

Trust: 3.4

db: TALOS, id: TALOS-2019-0962

Trust: 3.0

db: CNVD, id: CNVD-2020-16845

Trust: 1.0

db: CNNVD, id: CNNVD-202003-331

Trust: 1.0

db: JVNDB, id: JVNDB-2019-014926

Trust: 0.8

db: IVD, id: 8D31DE5D-FE5D-4F4B-A573-0391D6016CE8

Trust: 0.2

db: IVD, id: 33A0ABC6-23A0-4441-82A6-16B3B4F12D8D

Trust: 0.2

sources: IVD: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8 // IVD: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d // CNVD: CNVD-2020-16845 // JVNDB: JVNDB-2019-014926 // CNNVD: CNNVD-202003-331 // NVD: CVE-2019-5173

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0962

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-5173

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5173

Trust: 0.8

sources: CNVD: CNVD-2020-16845 // JVNDB: JVNDB-2019-014926 // CNNVD: CNNVD-202003-331 // NVD: CVE-2019-5173

SOURCES

db: IVD, id: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8
db: IVD, id: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d
db: CNVD, id: CNVD-2020-16845
db: JVNDB, id: JVNDB-2019-014926
db: CNNVD, id: CNNVD-202003-331
db: NVD, id: CVE-2019-5173

LAST UPDATE DATE

2024-11-23T21:59:27.871000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-16845, date: 2020-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-014926, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-331, date: 2020-03-18T00:00:00
db: NVD, id: CVE-2019-5173, date: 2024-11-21T04:44:29.397

SOURCES RELEASE DATE

db: IVD, id: 8d31de5d-fe5d-4f4b-a573-0391d6016ce8, date: 2020-03-09T00:00:00
db: IVD, id: 33a0abc6-23a0-4441-82a6-16b3b4f12d8d, date: 2020-03-09T00:00:00
db: CNVD, id: CNVD-2020-16845, date: 2020-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-014926, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-331, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2019-5173, date: 2020-03-11T23:15:11.620