CVE-2019-5161

Critical

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14),…

talos·CWE-345·Published 2020-03-10

CVSS

9.1

EPSS

0.03

KEV

Exploits

cve.orgen

300 chars

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.

NVDen

300 chars

NVDes

316 chars

Existe una vulnerabilidad de ejecución de código remota explotable en la funcionalidad Cloud Connectivity de WAGO PFC200 versiones 03.02.02(14), 03.01.07(13) y 03.00.39(12). Un archivo XML especialmente diseñado dirigirá el servicio Cloud Connectivity a descargar y ejecutar un script de shell con privilegios root.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H