CVE-2019-5168

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-78
View all →

Vulnerability Description

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf().This command is later executed via a call to system().

Related Vulnerabilities

CVE-2013-0517

HIGH
CVSS:7.8(High)

A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute ar...

CWE-782013

CVE-2015-6396

HIGH
CVSS:7.8(High)

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161...

CWE-782015

CVE-2016-10320

HIGH
CVSS:7.8(High)

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

CWE-782016

CVE-2016-1339

HIGH
CVSS:7.8(High)

Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux688...

CWE-782016

CVE-2016-4853

HIGH
CVSS:7.8(High)

AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.

CWE-782016

CVE-2016-6065

HIGH
CVSS:7.8(High)

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

CWE-782016