An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.
                
            Metrics
Affected Vendors & Products
References
        History
                    No history.
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: talos
Published: 2020-03-10T23:14:34
Updated: 2024-08-04T19:47:56.664Z
Reserved: 2019-01-04T00:00:00
Link: CVE-2019-5156
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2020-03-11T22:27:40.817
Modified: 2024-11-21T04:44:27.447
Link: CVE-2019-5156
 Redhat
                        Redhat
                    No data.
 ReportizFlow
ReportizFlow