VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 11, 2020· Updated Aug 4, 2024

CVE-2019-5176

CVE-2019-5176

Description

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack buffer overflow in WAGO PFC200 iocheckd allows code execution via crafted cache file.

Vulnerability

The WAGO PFC 200 firmware version 03.02.02(14) contains a stack buffer overflow in the iocheckd service's "I/O-Check" functionality. The vulnerability occurs when parsing the /tmp/iocheckCache.xml file. Specifically, the sprintf() call overflows the destination buffer sp+0x40 when a gateway value exceeds 512 minus the length of the prefix string /etc/config-tools/config_default_gateway number=0 state=enabled value= [1].

Exploitation

An attacker with local access can write a specially crafted XML file to the globally writable path /tmp/iocheckCache.xml. Then, by sending a BC_SaveParameter message, the iocheckd service parses the malformed cache file, triggering the overflow. No authentication is required beyond the ability to write to /tmp and send network commands locally [1].

Impact

Successful exploitation leads to a stack buffer overflow, which can allow an attacker to achieve code execution with high privileges. The CVSSv3 score is 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating a complete compromise of confidentiality, integrity, and availability [1].

Mitigation

A fixed firmware version has not been disclosed in the available references [1]. Users should monitor WAGO's advisory and update to the latest firmware when available. No workaround is documented.

References
  1. TALOS-2019-0963 || Cisco Talos Intelligence Group

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Wago/PFC200cpe-rescue
    Range: Firmware version 03.02.02(14)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.