CVE Vulnerability

CVE-2019-5161

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0954 Exploit Mitigation
Configurations

Configuration 1
Information

Published : 2020-03-11 10:27

Updated : 2020-03-13 10:16

NVD link : CVE-2019-5161

Mitre link : CVE-2019-5161

Products Affected

Pfc200

Pfc200 Firmware

Wago

CWE
CWE-345