VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2020 · Updated Aug 4, 2024

CVE-2019-5167

Description

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in WAGO PFC 200 iocheckd service allows local attackers to execute arbitrary OS commands as root via a crafted XML cache file.

Vulnerability

The iocheckd service in WAGO PFC 200 firmware version 03.02.02(14) contains a command injection vulnerability in the "I/O-Check" function. The service parses a cache file at /tmp/iocheckCache.xml, which is globally writable. During parsing, the value of the dns node is extracted and used unsanitized in a sprintf() call to construct a command string that is subsequently executed via system(). There is no limit on the number of DNS entries processed, allowing multiple injections. [1]
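A hardened form of the sprintf()/system() pattern described above, as an added example (not WAGO's code and not taken from the advisory). The 3-entry cap, the function names and the IP-literal-only rule are assumptions; the tool path and the two dns-server-* keys come from the description, and the leading %s argument of the quoted format string is left out because the page does not say what it holds.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>

#define EDIT_DNS "/etc/config-tools/edit_dns_server" /* path quoted in the advisory */
#define MAX_DNS_ENTRIES 3                            /* assumed cap, not from the page */

/* Vulnerable shape per the advisory:
 *   sprintf(cmd, "<tool> ... dns-server-name=%s", dns); system(cmd);
 * The shell then interprets whatever the XML dns node contained. */

/* Allow-list check: accept only a literal IPv4 or IPv6 address. */
int dns_value_ok(const char *v)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return v && (inet_pton(AF_INET, v, buf) == 1 || inet_pton(AF_INET6, v, buf) == 1);
}

/* Build an argv[] for execv(), so no shell ever parses the value.
 * Returns 0 on success, -1 if the index or the value is rejected. */
int build_dns_argv(const char *v, int nr, char nrbuf[32], char namebuf[80],
                   const char *argv[4])
{
    if (nr < 1 || nr > MAX_DNS_ENTRIES || !dns_value_ok(v))
        return -1;
    snprintf(nrbuf, 32, "dns-server-nr=%d", nr);
    snprintf(namebuf, 80, "dns-server-name=%s", v);
    argv[0] = EDIT_DNS; argv[1] = nrbuf; argv[2] = namebuf; argv[3] = NULL;
    return 0;
}

/* Walk the parsed dns values; returns how many would be applied (bounded loop). */
size_t accept_dns_entries(const char *vals[], size_t n)
{
    char nrbuf[32], namebuf[80];
    const char *argv[4];
    size_t applied = 0;
    for (size_t i = 0; i < n && applied < MAX_DNS_ENTRIES; i++)
        if (build_dns_argv(vals[i], (int)applied + 1, nrbuf, namebuf, argv) == 0)
            applied++; /* real code: fork(), then execv(argv[0], ...) in the child */
    return applied;
}

int main(void)
{
    /* Constructed sample values; the second one carries a shell metacharacter. */
    const char *vals[] = { "192.0.2.53", "192.0.2.1;x", "2001:db8::53",
                           "198.51.100.1", "203.0.113.9" };
    printf("applied %zu of 5\n", accept_dns_entries(vals, 5));
    return 0;
}
```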

Exploitation

An attacker with local access to the device can write a malicious XML file to /tmp/iocheckCache.xml. By sending a BC_SaveParameter message, the iocheckd service is triggered to parse the file. The crafted dns node value contains OS command injection payloads, which are executed with root privileges. No authentication beyond file write access is required. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary OS commands as the root user, resulting in full compromise of the device. This includes complete loss of confidentiality, integrity, and availability (CVSS 8.8). The attacker escalates from a low-privileged user to root. [1]

Mitigation

The available reference does not specify a fixed firmware version. Users should restrict write access to /tmp and monitor for firmware updates from WAGO. If no update is available, consider network segmentation and limiting local access to trusted users only. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
