Vulnerabilities > CVE-2019-5134 - Unspecified vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wago

NVD

Published: 2020-03-11

Updated: 2020-08-24

Summary

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Wago Wago Pfc200 Firmware 03.00.39\(12\) Wago Pfc200 Firmware 03.01.07\(13\) Wago Pfc100 Firmware 03.00.39\(12\)	3
Hardware	Wago Wago Pfc200 - Wago Pfc100 -	2

Talos

id	TALOS-2019-0924
last seen	2020-03-18
published	2020-03-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0924
title	WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

id	TALOS-2019-0923
last seen	2020-03-18
published	2020-03-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0923
title	WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0923