First published: Tue Mar 10 2020
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
WAGO PFC200 Firmware | =03.00.39(12) | |
WAGO PFC200 Firmware | =03.01.07(13) | |
WAGO PFC200 | | |
WAGO PFC100 Firmware | =03.00.39(12) | |
WAGO PFC100 | | |
CVE-2019-5134 is an exploitable regular expression without anchors vulnerability in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12).
The severity of CVE-2019-5134 is high with a CVSS score of 7.5.
WAGO PFC200 versions 03.00.39(12) and 03.01.07(13) are affected by CVE-2019-5134.
Yes, WAGO PFC200 version 03.00.39(12) is vulnerable to CVE-2019-5134.
The regular expression without anchors vulnerability can be exploited by sending a specially crafted authentication request that bypasses the regular expression.