ID

VAR-201910-0872


CVE

CVE-2019-18202


TITLE

Vulnerability related to externally controllable references to other domain resources on WAGO Series PFC100 and PFC200 devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-011220

DESCRIPTION

Information disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 devices are vulnerable to an externally controllable reference to a resource in another realm. Information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from the German company WAGO.

Trust: 2.34

sources: NVD: CVE-2019-18202 // JVNDB: JVNDB-2019-011220 // CNVD: CNVD-2019-36938 // IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a // CNVD: CNVD-2019-36938

AFFECTED PRODUCTS

vendor: wago, model: pfc, scope: lt, version: 03.00.35\(12\)

Trust: 1.0

vendor: wago, model: pfc100, scope: lt, version: fw12

Trust: 0.8

vendor: wago, model: pfc200, scope: lt, version: fw12

Trust: 0.8

vendor: wago, model: series pfc100, scope: -, version: -

Trust: 0.6

vendor: wago, model: series pfc200, scope: -, version: -

Trust: 0.6

vendor: pfc100, model: -, scope: eq, version: 750-8101/000-010

Trust: 0.2

vendor: pfc100, model: -, scope: eq, version: 750-8101/025-000

Trust: 0.2

vendor: pfc200, model: -, scope: eq, version: 750-8102/025-000

Trust: 0.2

sources: IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a // CNVD: CNVD-2019-36938 // JVNDB: JVNDB-2019-011220 // NVD: CVE-2019-18202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18202
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-18202
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18202
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36938
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1241
value: MEDIUM

Trust: 0.6

IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18202
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36938
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18202
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-18202
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-18202
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a // CNVD: CNVD-2019-36938 // JVNDB: JVNDB-2019-011220 // CNNVD: CNNVD-201910-1241 // NVD: CVE-2019-18202 // NVD: CVE-2019-18202

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-610

Trust: 0.8

sources: JVNDB: JVNDB-2019-011220 // NVD: CVE-2019-18202

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1241

TYPE

other

Trust: 0.8

sources: IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a // CNNVD: CNNVD-201910-1241

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011220

PATCH

title: Top Page, url: https://www.wago.com/us/

Trust: 0.8

title: Patch for WAGO Series PFC100 and WAGO Series PFC200 Improper Access Control Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/186775

Trust: 0.6

title: WAGO Series PFC100 and WAGO Series PFC200 Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=100674

Trust: 0.6

sources: CNVD: CNVD-2019-36938 // JVNDB: JVNDB-2019-011220 // CNNVD: CNNVD-201910-1241

EXTERNAL IDS

db: NVD, id: CVE-2019-18202

Trust: 3.2

db: CERT@VDE, id: VDE-2019-017

Trust: 3.0

db: CNVD, id: CNVD-2019-36938

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1241

Trust: 0.8

db: JVNDB, id: JVNDB-2019-011220

Trust: 0.8

db: IVD, id: 9E1B1036-BEB0-4EF4-8A24-7C7AF0EC364A

Trust: 0.2

sources: IVD: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a // CNVD: CNVD-2019-36938 // JVNDB: JVNDB-2019-011220 // CNNVD: CNNVD-201910-1241 // NVD: CVE-2019-18202

REFERENCES

url: https://cert.vde.com/de-de/advisories/vde-2019-017

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-18202

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18202

Trust: 0.8

sources: CNVD: CNVD-2019-36938 // JVNDB: JVNDB-2019-011220 // CNNVD: CNNVD-201910-1241 // NVD: CVE-2019-18202

SOURCES

db: IVD, id: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a
db: CNVD, id: CNVD-2019-36938
db: JVNDB, id: JVNDB-2019-011220
db: CNNVD, id: CNNVD-201910-1241
db: NVD, id: CVE-2019-18202

LAST UPDATE DATE

2024-11-23T23:11:42.448000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36938, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2019-011220, date: 2019-10-30T00:00:00
db: CNNVD, id: CNNVD-201910-1241, date: 2023-03-14T00:00:00
db: NVD, id: CVE-2019-18202, date: 2024-11-21T04:32:49.313

SOURCES RELEASE DATE

db: IVD, id: 9e1b1036-beb0-4ef4-8a24-7c7af0ec364a, date: 2019-10-24T00:00:00
db: CNVD, id: CNVD-2019-36938, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2019-011220, date: 2019-10-30T00:00:00
db: CNNVD, id: CNNVD-201910-1241, date: 2019-10-18T00:00:00
db: NVD, id: CVE-2019-18202, date: 2019-10-19T01:15:10.467