An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924 | Exploit Mitigation Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924 | Exploit Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 04:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924 - Exploit, Mitigation, Third Party Advisory |
Information
Published : 2020-03-11 22:27
Updated : 2024-11-21 04:44
NVD link : CVE-2019-5135
Mitre link : CVE-2019-5135
CVE.ORG link : CVE-2019-5135
JSON object : View
Products Affected
wago
- pfc100_firmware
- pfc100
- pfc200_firmware
- pfc200
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm