Details of VAR-202003-0692

ID

VAR-202003-0692

CVE

CVE-2019-5174

TITLE

WAGO PFC 200 In firmware OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014927

DESCRIPTION

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system(). (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data. An attacker could use this vulnerability to execute illegal operating system commands

Trust: 2.52

sources: NVD: CVE-2019-5174 // JVNDB: JVNDB-2019-014927 // CNVD: CNVD-2020-16844 // IVD: 21a562c4-5f87-40e1-87bc-f2a2a7eed573 // IVD: 208ab9d6-2954-4e07-881e-503940c90652

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.4

sources: IVD: 21a562c4-5f87-40e1-87bc-f2a2a7eed573 // IVD: 208ab9d6-2954-4e07-881e-503940c90652 // CNVD: CNVD-2020-16844

AFFECTED PRODUCTS

vendor:	wago	model:	pfc200	scope:	eq	version:	03.02.02(14)	Trust: 1.4
vendor:	wago	model:	pfc200	scope:	eq	version:	03.02.02\(14\)	Trust: 1.0
vendor:	pfc200	model:	-	scope:	eq	version:	03.02.02(14)	Trust: 0.4

sources: IVD: 21a562c4-5f87-40e1-87bc-f2a2a7eed573 // IVD: 208ab9d6-2954-4e07-881e-503940c90652 // CNVD: CNVD-2020-16844 // JVNDB: JVNDB-2019-014927 // NVD: CVE-2019-5174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5174
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014927
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16844
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-330
value:	HIGH
Trust: 0.6
IVD:	21a562c4-5f87-40e1-87bc-f2a2a7eed573
value:	HIGH
Trust: 0.2
IVD:	208ab9d6-2954-4e07-881e-503940c90652
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-5174
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014927
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-16844
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	21a562c4-5f87-40e1-87bc-f2a2a7eed573
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	208ab9d6-2954-4e07-881e-503940c90652
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-5174
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014927
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 21a562c4-5f87-40e1-87bc-f2a2a7eed573 // IVD: 208ab9d6-2954-4e07-881e-503940c90652 // CNVD: CNVD-2020-16844 // JVNDB: JVNDB-2019-014927 // CNNVD: CNNVD-202003-330 // NVD: CVE-2019-5174

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014927 // NVD: CVE-2019-5174

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-330

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014927

PATCH

title:

Top Page

url:

https://www.wago.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-014927

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5174	Trust: 3.4
db:	TALOS	id:	TALOS-2019-0962	Trust: 3.0
db:	CNVD	id:	CNVD-2020-16844	Trust: 1.0
db:	CNNVD	id:	CNNVD-202003-330	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-014927	Trust: 0.8
db:	IVD	id:	21A562C4-5F87-40E1-87BC-F2A2A7EED573	Trust: 0.2
db:	IVD	id:	208AB9D6-2954-4E07-881E-503940C90652	Trust: 0.2

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0962	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5174	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5174	Trust: 0.8

sources: CNVD: CNVD-2020-16844 // JVNDB: JVNDB-2019-014927 // CNNVD: CNNVD-202003-330 // NVD: CVE-2019-5174

SOURCES

db:	IVD	id:	21a562c4-5f87-40e1-87bc-f2a2a7eed573
db:	IVD	id:	208ab9d6-2954-4e07-881e-503940c90652
db:	CNVD	id:	CNVD-2020-16844
db:	JVNDB	id:	JVNDB-2019-014927
db:	CNNVD	id:	CNNVD-202003-330
db:	NVD	id:	CVE-2019-5174

LAST UPDATE DATE

2024-11-23T21:59:27.836000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16844	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014927	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-330	date:	2020-03-18T00:00:00
db:	NVD	id:	CVE-2019-5174	date:	2024-11-21T04:44:29.510

SOURCES RELEASE DATE

db:	IVD	id:	21a562c4-5f87-40e1-87bc-f2a2a7eed573	date:	2020-03-09T00:00:00
db:	IVD	id:	208ab9d6-2954-4e07-881e-503940c90652	date:	2020-03-09T00:00:00
db:	CNVD	id:	CNVD-2020-16844	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-014927	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-330	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2019-5174	date:	2020-03-11T23:15:11.700