cvelistv5 - cve-2019-5135

CVE-2019-5135 (GCVE-0-2019-5135)

Vulnerability from cvelistv5 – Published: 2020-03-10 21:59 – Updated: 2024-08-04 19:47

Summary

Severity ?

No CVSS data available.

CWE

information disclosure

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Wago

WAGO PFC200 Firmware

Affected: version 03.00.39(12)
Affected: version 03.01.07(13)

Wago

WAGO PFC100 Firmware

Affected: version 03.00.39(12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:55.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WAGO PFC200 Firmware",
          "vendor": "Wago",
          "versions": [
            {
              "status": "affected",
              "version": "version 03.00.39(12)"
            },
            {
              "status": "affected",
              "version": "version 03.01.07(13)"
            }
          ]
        },
        {
          "product": "WAGO PFC100 Firmware",
          "vendor": "Wago",
          "versions": [
            {
              "status": "affected",
              "version": "version 03.00.39(12)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T21:59:31",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WAGO PFC200 Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 03.00.39(12)"
                          },
                          {
                            "version_value": "version 03.01.07(13)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WAGO PFC100 Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 03.00.39(12)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wago"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5135",
    "datePublished": "2020-03-10T21:59:31",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:55.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"634EB95B-254B-4310-9192-5EE98F915CC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:03.01.07\\\\(13\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDEB63D9-EE1C-4005-B04C-7C9BBD746402\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc100_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C1CFEE5-22F8-44D1-94D2-5AF753F0559E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F636354-95A2-4B36-9666-1FA57F185432\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de discrepancia de sincronizaci\\u00f3n  explotable en la funcionalidad de autenticaci\\u00f3n de la aplicaci\\u00f3n web Web-Based Management (WBM) en los controladores WAGO PFC100/200. La aplicaci\\u00f3n WBM hace uso de la funci\\u00f3n PHP crypt() que puede ser explotada para revelar credenciales de usuario en hash. Esto afecta a WAGO PFC200 versi\\u00f3n de firmware 03.00.39(12) y versi\\u00f3n 03.01.07(13), y WAGO PFC100 versi\\u00f3n de firmware 03.00.39(12).\"}]",
      "id": "CVE-2019-5135",
      "lastModified": "2024-11-21T04:44:25.020",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-11T22:27:40.253",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5135\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2020-03-11T22:27:40.253\",\"lastModified\":\"2024-11-21T04:44:25.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de discrepancia de sincronizaci\u00f3n  explotable en la funcionalidad de autenticaci\u00f3n de la aplicaci\u00f3n web Web-Based Management (WBM) en los controladores WAGO PFC100/200. La aplicaci\u00f3n WBM hace uso de la funci\u00f3n PHP crypt() que puede ser explotada para revelar credenciales de usuario en hash. Esto afecta a WAGO PFC200 versi\u00f3n de firmware 03.00.39(12) y versi\u00f3n 03.01.07(13), y WAGO PFC100 versi\u00f3n de firmware 03.00.39(12).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634EB95B-254B-4310-9192-5EE98F915CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:03.01.07\\\\(13\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEB63D9-EE1C-4005-B04C-7C9BBD746402\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc100_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C1CFEE5-22F8-44D1-94D2-5AF753F0559E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F636354-95A2-4B36-9666-1FA57F185432\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-PGQ5-F878-VWPF

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-11T22:27:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).",
  "id": "GHSA-pgq5-f878-vwpf",
  "modified": "2022-05-24T17:10:48Z",
  "published": "2022-05-24T17:10:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5135"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2019-5135

Vulnerability from fkie_nvd - Published: 2020-03-11 22:27 - Updated: 2024-11-21 04:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924	Exploit, Mitigation, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924	Exploit, Mitigation, Third Party Advisory

Impacted products

Vendor	Product	Version
wago	pfc200_firmware	03.00.39\(12\)
wago	pfc200_firmware	03.01.07\(13\)
wago	pfc200	-
wago	pfc100_firmware	03.00.39\(12\)
wago	pfc100	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "634EB95B-254B-4310-9192-5EE98F915CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEB63D9-EE1C-4005-B04C-7C9BBD746402",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1CFEE5-22F8-44D1-94D2-5AF753F0559E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de discrepancia de sincronizaci\u00f3n  explotable en la funcionalidad de autenticaci\u00f3n de la aplicaci\u00f3n web Web-Based Management (WBM) en los controladores WAGO PFC100/200. La aplicaci\u00f3n WBM hace uso de la funci\u00f3n PHP crypt() que puede ser explotada para revelar credenciales de usuario en hash. Esto afecta a WAGO PFC200 versi\u00f3n de firmware 03.00.39(12) y versi\u00f3n 03.01.07(13), y WAGO PFC100 versi\u00f3n de firmware 03.00.39(12)."
    }
  ],
  "id": "CVE-2019-5135",
  "lastModified": "2024-11-21T04:44:25.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-11T22:27:40.253",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202003-0675

Vulnerability from variot - Updated: 2023-12-18 13:37

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). WAGO PFC100 and PFC200 There is a vulnerability related to information leakage due to the difference in response to security-related processing.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0675",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pfc200",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "wago",
        "version": "03.01.07(13)"
      },
      {
        "model": "pfc200",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "wago",
        "version": "03.00.39(12)"
      },
      {
        "model": "pfc100",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "wago",
        "version": "03.00.39(12)"
      },
      {
        "model": "pfc100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "03.00.39\\(12\\)"
      },
      {
        "model": "pfc200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "03.01.07\\(13\\)"
      },
      {
        "model": "pfc200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "03.00.39\\(12\\)"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "pfc200",
        "version": "03.00.39(12)"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "pfc200",
        "version": "03.01.07(13)"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "pfc100",
        "version": "03.00.39(12)"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      }
    ]
  },
  "cve": "CVE-2019-5135",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014894",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-17497",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "d76ec9c3-0538-43bd-9a04-3266577faeac",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014894",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-5135",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014894",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17497",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-357",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "d76ec9c3-0538-43bd-9a04-3266577faeac",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12). WAGO PFC100 and PFC200 There is a vulnerability related to information leakage due to the difference in response to security-related processing.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5135",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2019-0924",
        "trust": 2.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "F2A4A6CD-D1D6-4070-B77F-FE0839BA6814",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "D76EC9C3-0538-43BD-9A04-3266577FAEAC",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "id": "VAR-202003-0675",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      }
    ],
    "trust": 1.65716723
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.4
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:37:55.873000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PFC200 Controller",
        "trust": 0.8,
        "url": "https://www.wago.com/us/pfc200"
      },
      {
        "title": "PFC100 Controller",
        "trust": 0.8,
        "url": "https://www.wago.com/us/pfc100"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-203",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0924"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5135"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5135"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-09T00:00:00",
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "date": "2020-03-11T22:27:40.253000",
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17497"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-5135"
      },
      {
        "date": "2020-03-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WAGO PFC100 and  PFC200 Vulnerability related to information leakage caused by different responses to security-related processing in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014894"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "f2a4a6cd-d1d6-4070-b77f-fe0839ba6814"
      },
      {
        "db": "IVD",
        "id": "d76ec9c3-0538-43bd-9a04-3266577faeac"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-357"
      }
    ],
    "trust": 1.0
  }
}

CNVD-2020-17497

Vulnerability from cnvd - Published: 2020-03-18

Title

WAGO PFC100和WAGO PFC 200存在未明漏洞（CNVD-2020-17497）

Description

WAGO PFC 200和WAGO PFC100都是德国WAGO公司的一款可编程逻辑控制器（PLC）。使用03.00.39(12)和03.01.07(13)版本固件的WAGO PFC 200和使用03.00.39(12)版本固件的PFC100中的Web-Based Management Web应用程序存在安全漏洞。攻击者可利用该漏洞获取被散列的用户凭证

Severity

中

Formal description

目前厂商尚未提供相关漏洞补丁链接，请关注厂商主页随时更新： https://www.wago.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5135

Impacted products

Name
['WAGO PFC200 03.01.07(13)', 'WAGO PFC200 03.00.39(12)', 'WAGO PFC100 03.00.39(12)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5135"
    }
  },
  "description": "WAGO PFC 200\u548cWAGO PFC100\u90fd\u662f\u5fb7\u56fdWAGO\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u3002\n\n\u4f7f\u752803.00.39(12)\u548c03.01.07(13)\u7248\u672c\u56fa\u4ef6\u7684WAGO PFC 200\u548c\u4f7f\u752803.00.39(12)\u7248\u672c\u56fa\u4ef6\u7684PFC100\u4e2d\u7684Web-Based Management Web\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u88ab\u6563\u5217\u7684\u7528\u6237\u51ed\u8bc1",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u968f\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.wago.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17497",
  "openTime": "2020-03-18",
  "products": {
    "product": [
      "WAGO PFC200 03.01.07(13)",
      "WAGO PFC200 03.00.39(12)",
      "WAGO PFC100 03.00.39(12)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5135",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-12",
  "title": "WAGO PFC100\u548cWAGO PFC 200\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-17497\uff09"
}

GSD-2019-5135

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5135

Aliases

CVE-2019-5135

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5135",
    "description": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).",
    "id": "GSD-2019-5135"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5135"
      ],
      "details": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).",
      "id": "GSD-2019-5135",
      "modified": "2023-12-13T01:23:55.040095Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2019-5135",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WAGO PFC200 Firmware",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "version 03.00.39(12)"
                        },
                        {
                          "version_value": "version 03.01.07(13)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WAGO PFC100 Firmware",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "version 03.00.39(12)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Wago"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5135"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-03-11T22:27Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5135 (GCVE-0-2019-5135)

GHSA-PGQ5-F878-VWPF

FKIE_CVE-2019-5135

VAR-202003-0675

CNVD-2020-17497

GSD-2019-5135

Tags

Sightings

Nomenclature