CVE-2019-5080 Information

Description

An exploitable denial-of-service vulnerability exists in the iocheckd service \I/O-Check\ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0872

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.1