CVE-2019-5134

Summary

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.

Affected Software

VendorProductVersion RangeStatus
WagoWAGO PFC200 Firmwareversion 03.00.39(12)affected
WagoWAGO PFC200 Firmwareversion 03.01.07(13)affected
WagoWAGO PFC100 Firmwareversion 03.00.39(12)affected

Weaknesses

  • regular expression without anchors

ADP Enrichment

CVE Program Container

Additional References

References