CVE-2019-5174
Description
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask= using sprintf(). This command is later executed via a call to system().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in WAGO PFC 200 iocheckd service allows local attackers to execute arbitrary OS commands as root via a crafted XML cache file.
Vulnerability
The iocheckd service in WAGO PFC 200 firmware version 03.02.02(14) contains a command injection vulnerability in the I/O-Check function. The service parses an XML cache file at /tmp/iocheckCache.xml, which is globally writable. The subnetmask value extracted from the XML is passed unsanitized to sprintf() and then executed via system() in the command /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=. This allows injection of arbitrary OS commands. [1]
Exploitation
An attacker must have local access to the device and the ability to write a specially crafted XML file to /tmp/iocheckCache.xml. All users have write permission to /tmp. The attacker then sends a BC_SaveParameter message to trigger parsing of the cache file. No authentication is required beyond local user access. The injected commands are executed with root privileges. [1]
Impact
Successful exploitation results in arbitrary OS command execution as the root user, leading to full compromise of the device. This includes disclosure of sensitive information, modification of system configuration, and potential denial of service. The CVSSv3 score is 8.8 (High) with scope change, indicating impact on confidentiality, integrity, and availability. [1]
Mitigation
As of the publication date (2020-03-11), no patch was available. Users should restrict local access to the device and monitor for unauthorized writes to /tmp/iocheckCache.xml. The vendor WAGO may have released a firmware update after this report; consult the vendor advisory for the latest fixed version. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: version 03.02.02(14)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2019-0962mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.