5.3

CVE-2019-5135

Exploit

EPSS 0.16%
Veröffentlicht 11.03.2020 22:27:40
Zuletzt bearbeitet 21.11.2024 04:44:25
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wago ≫ Pfc200 Firmware Version03.00.39(12)

Wago ≫ Pfc200 Version-

Wago ≫ Pfc200 Firmware Version03.01.07(13)

Wago ≫ Pfc200 Version-

Wago ≫ Pfc100 Firmware Version03.00.39(12)

Wago ≫ Pfc100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-5135

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5135

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5135

EUVD