CVE-2019-5135 - Information Exposure Through Discrepancy vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function, which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Hardware | | 2 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0924 |
last seen | 2020-03-18 |
published | 2020-03-09 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0924 |
title | WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability |