CVE-2019-5080 in PFC100
Summary
by MITRE
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
Analysis
by VulDB Data Team • 03/16/2024
CVE-2019-5080 is a critical denial-of-service weakness in the iocheckd service of WAGO PFC 200 and PFC100 controllers. The flaw sits in the I/O-Check functionality, the service used to inspect and verify the controller's I/O configuration in automation installations. A single unauthenticated packet sent to the service is enough to disrupt the device. The published description does not state the root cause; the behaviour is consistent with the service not validating the incoming request, so that a malformed or specially crafted packet drives it into a state it was never designed to handle. The practical consequence is that anyone who can reach the service on the network can disrupt an industrial process without presenting any credentials.
The impact goes beyond a service outage. Triggering the flaw also causes the device to re-apply its documented default credentials, effectively reverting the authentication configuration to factory state. This matters more than the outage itself: an attacker who can send the packet can then log in with the vendor's published default password, and any password the operator had set at commissioning is silently undone. Because the reset is caused by the packet and not by a one-time misconfiguration, re-setting a strong password after an incident does not help while the device remains on vulnerable firmware; the next packet resets it again. The affected versions are WAGO PFC 200 Firmware 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware 03.00.39(12). Since the attack needs only one unauthenticated packet, it is particularly dangerous in plant networks, where segmentation and access control are often weaker than in enterprise IT.
In weakness terms, the denial-of-service half of the issue is recorded as CWE-400, "Uncontrolled Resource Consumption". The credential half is not a cryptographic problem, so CWE-310 ("Cryptographic Issues") is a poor fit; reverting the device to its vendor-documented password is closer to CWE-1393, "Use of Default Password". On the ATT&CK side the packet-triggered outage maps to T1499, "Endpoint Denial of Service" (sub-technique T1499.004, "Application or System Exploitation", since a single crafted request rather than a flood does the damage); phishing techniques such as T1566 do not apply, because no user interaction is involved. The net effect is a service that an unauthenticated network peer can use both to stop the controller and to hand themselves a known login, in an environment where availability is the primary security objective.
The durable fix is updating the controllers to firmware from WAGO in which the issue is addressed. Until that is done, the effective mitigations are the ones that keep hostile packets away from iocheckd: segment the controllers from untrusted networks, and restrict reachability of the device's management services to engineering hosts that need them. Note that changing the default credentials at deployment, while good practice, does not protect against this CVE, because exploitation reapplies the defaults; credential hygiene only limits what an attacker gains before the packet is sent. Monitoring should therefore include periodic checks that the operator-set credentials still work and that the documented defaults do not, plus alerting on service outages, since either condition can indicate exploitation. Intrusion detection on the plant network can flag unexpected traffic to the service. The case illustrates why input validation and resource limits in control-system services matter: enterprise-style perimeter defences alone do not shield an OT device whose own service fails on a single unauthenticated packet.
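The monitoring check described above, written out as an added example (this is not code from the advisory, from VulDB or from WAGO). It asks each controller two questions over its authenticated management interface: does the operator-set password still work, and if not, does the vendor default now work? A device that answers "no" and then "yes" has had its credentials reverted, which for this CVE is a strong exploitation indicator; a device that does not answer at all matches the denial-of-service half. The management URL, the account name and the two password values are assumptions supplied by the operator; the device names and responses in the dry run are constructed, and the only network call made by the test is to a closed local port.

```python
import base64
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# A transport performs one authenticated HTTP GET and returns the status code,
# or None when the device cannot be reached at all (a controller whose service
# has been taken down by the single-packet DoS would look like this).
Transport = Callable[[str, str, str], Optional[int]]


def http_basic_transport(url: str, user: str, password: str,
                         timeout: float = 5.0) -> Optional[int]:
    """Real transport: HTTP Basic auth GET against the device's management URL.
    The URL and auth scheme are assumptions; adapt to the interface you monitor."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code                     # 401/403 are the answers we care about
    except (urllib.error.URLError, OSError):
        return None                         # refused, timed out, or no route


@dataclass(frozen=True)
class Device:
    name: str
    url: str                  # assumed management endpoint that requires auth
    user: str                 # assumed administrative account name
    operator_password: str    # what the operator set at commissioning
    default_password: str     # the vendor-documented default for that account


def _accepted(status: Optional[int]) -> Optional[bool]:
    """True if the credentials were accepted, False if rejected, None if no answer."""
    if status is None:
        return None
    return 200 <= status < 300


def classify(device: Device, transport: Transport) -> str:
    """Return one of: ok, credentials_reset, default_still_set, unreachable, unexpected."""
    if device.operator_password == device.default_password:
        return "default_still_set"          # never hardened; nothing to detect
    op = _accepted(transport(device.url, device.user, device.operator_password))
    if op is None:
        return "unreachable"                # consistent with the DoS effect
    if op:
        return "ok"
    # Operator password rejected. A rotation we were not told about is the only
    # benign explanation, so try the vendor default before raising the alarm.
    if _accepted(transport(device.url, device.user, device.default_password)):
        return "credentials_reset"          # defaults re-applied: treat as exploitation
    return "unexpected"


def sweep(devices: Iterable[Device], transport: Transport) -> Dict[str, str]:
    """Classify every device in the fleet; feed the result to your alerting."""
    return {d.name: classify(d, transport) for d in devices}


# Constructed fleet state for an offline dry run (not real device data).
# Maps URL -> {password: HTTP status}; None means the device does not answer.
_FAKE_STATE = {
    "http://plc-a/": {"S3cret-A": 200, "default-placeholder": 401},   # healthy
    "http://plc-b/": {"S3cret-B": 401, "default-placeholder": 200},   # reverted
    "http://plc-c/": None,                                            # silent
    "http://plc-e/": {},                                              # rejects all
}


def fake_transport(url: str, user: str, password: str) -> Optional[int]:
    state = _FAKE_STATE.get(url)
    if state is None:
        return None
    return state.get(password, 401)


FLEET = [
    Device("plc-a", "http://plc-a/", "admin", "S3cret-A", "default-placeholder"),
    Device("plc-b", "http://plc-b/", "admin", "S3cret-B", "default-placeholder"),
    Device("plc-c", "http://plc-c/", "admin", "S3cret-C", "default-placeholder"),
    Device("plc-d", "http://plc-d/", "admin", "default-placeholder", "default-placeholder"),
    Device("plc-e", "http://plc-e/", "admin", "S3cret-E", "default-placeholder"),
]

if __name__ == "__main__":
    for name, verdict in sweep(FLEET, fake_transport).items():
        print(f"{name}: {verdict}")
```

Run it against real controllers by passing `http_basic_transport` instead of `fake_transport` and filling the `Device` records from your asset inventory. The check deliberately tries the default password only after the operator password has been rejected, so a healthy device never sees a default-credential login attempt in its logs, and a "credentials_reset" verdict on vulnerable firmware should be treated as exploitation rather than drift.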