What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-5149.

What is the severity of CVE-2019-5149?

The severity of CVE-2019-5149 is high with a score of 7.5.

Which WAGO devices are affected by this vulnerability?

The WAGO PFC100 and PFC2000 devices with firmwares prior to 03.02.02 and 03.01.07, respectively, are affected by this vulnerability.

What is the WBM web application used in this vulnerability?

The WBM web application is a web server running on lighttpd and makes use of the FastCGI module.

How can I fix CVE-2019-5149?

To fix CVE-2019-5149, update the firmware of the WAGO PFC100 and PFC2000 devices to version 03.02.02 and 03.01.07, respectively.

Vulnerability/
CVE-2019-5149

high

7.5

CWE

400

11/3/2020

13/3/2020

CVE-2019-5149

First published: Wed Mar 11 2020(Updated: )

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
WAGO PFC200 Firmware	=03.00.39\(12\)
WAGO PFC200 Firmware	=03.01.07\(13\)
WAGO PFC200
WAGO PFC100 Firmware	=03.00.39\(12\)
WAGO PFC100 Firmware	=03.01.07\(13\)
WAGO PFC100

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-5149.
What is the severity of CVE-2019-5149?
The severity of CVE-2019-5149 is high with a score of 7.5.
Which WAGO devices are affected by this vulnerability?
The WAGO PFC100 and PFC2000 devices with firmwares prior to 03.02.02 and 03.01.07, respectively, are affected by this vulnerability.
What is the WBM web application used in this vulnerability?
The WBM web application is a web server running on lighttpd and makes use of the FastCGI module.
How can I fix CVE-2019-5149?
To fix CVE-2019-5149, update the firmware of the WAGO PFC100 and PFC2000 devices to version 03.02.02 and 03.01.07, respectively.

collector/nvd-index
vendor/wago
canonical/wago pfc200 firmware
version/wago pfc200 firmware/03.00.39\(12\)
version/wago pfc200 firmware/03.01.07\(13\)
canonical/wago pfc200
canonical/wago pfc100 firmware
version/wago pfc100 firmware/03.00.39\(12\)
version/wago pfc100 firmware/03.01.07\(13\)
canonical/wago pfc100

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.