CVE-2019-5135
N/A
N/A
Summary
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wago | WAGO PFC200 Firmware | version 03.00.39(12) | affected |
| Wago | WAGO PFC200 Firmware | version 03.01.07(13) | affected |
| Wago | WAGO PFC100 Firmware | version 03.00.39(12) | affected |
Weaknesses
- information disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.