VYPR
Unrated severity · NVD Advisory · Published Mar 11, 2020 · Updated Aug 4, 2024

CVE-2019-5179

Description

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An exploitable stack buffer overflow in WAGO PFC 200 firmware iocheckd service allows code execution via a specially crafted XML cache file.

Vulnerability

The vulnerability is a stack buffer overflow in the iocheckd service's "I/O-Check" functionality of WAGO PFC 200 controllers running firmware version 03.02.02(14). The service parses an XML cache file at /tmp/iocheckCache.xml, which is globally writable. The parsing of parameters in this file can cause a stack buffer overflow, leading to code execution. [1]

Exploitation

An attacker must have local access to the device or otherwise be able to write to the /tmp directory, to which all users have write access. The attacker places a maliciously crafted XML file at /tmp/iocheckCache.xml. Sending the BC_SaveParameter message then causes the iocheckd service to parse the cache file, resulting in a stack buffer overflow. [1]

Impact

Successful exploitation allows the attacker to achieve code execution on the device. The CVSS score is 8.8, indicating high impact on confidentiality, integrity, and availability. The attacker gains full control over the controller's functionality. [1]

Mitigation

As of the publication date, no fix has been released by WAGO. Users are advised to restrict access to the /tmp directory and limit network exposure of the controller. The vulnerability is not known to be listed in CISA's KEV. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Wago/PFC200 (cpe-rescue)
    Range: Firmware version 03.02.02(14)

Patches

0

No patches discovered yet.

References

1
