CVE-2019-5157
N/A
N/A
Summary
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wago | WAGO PFC200 Firmware | version 03.02.02(14) | affected |
| Wago | WAGO PFC200 Firmware | version 03.01.07(13) | affected |
| Wago | WAGO PFC200 Firmware | version 03.00.39(12) | affected |
Weaknesses
- command injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.