Details of VAR-202003-0674

ID

VAR-202003-0674

CVE

CVE-2019-5134

TITLE

WAGO PFC200 and PFC100 Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014931

DESCRIPTION

An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. WAGO PFC200 and PFC100 There is an information leakage vulnerability in.Information may be obtained. WAGO PFC 200 and WAGO PFC100 are both programmable logic controllers (PLCs) of the German WAGO company

Trust: 2.52

sources: NVD: CVE-2019-5134 // JVNDB: JVNDB-2019-014931 // CNVD: CNVD-2020-17489 // IVD: 2960ec90-977e-4f7d-9bda-fb967cfc7e0e // IVD: c98f890f-b3bd-4d36-a82e-f40bd61b2aa7

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.4

sources: IVD: 2960ec90-977e-4f7d-9bda-fb967cfc7e0e // IVD: c98f890f-b3bd-4d36-a82e-f40bd61b2aa7 // CNVD: CNVD-2020-17489

AFFECTED PRODUCTS

vendor:	wago	model:	pfc200	scope:	eq	version:	03.01.07(13)	Trust: 1.4
vendor:	wago	model:	pfc200	scope:	eq	version:	03.00.39(12)	Trust: 1.4
vendor:	wago	model:	pfc100	scope:	eq	version:	03.00.39(12)	Trust: 1.4
vendor:	wago	model:	pfc100	scope:	eq	version:	03.00.39\(12\)	Trust: 1.0
vendor:	wago	model:	pfc200	scope:	eq	version:	03.01.07\(13\)	Trust: 1.0
vendor:	wago	model:	pfc200	scope:	eq	version:	03.00.39\(12\)	Trust: 1.0
vendor:	pfc200	model:	-	scope:	eq	version:	03.00.39(12)	Trust: 0.4
vendor:	pfc200	model:	-	scope:	eq	version:	03.01.07(13)	Trust: 0.4
vendor:	pfc100	model:	-	scope:	eq	version:	03.00.39(12)	Trust: 0.4

sources: IVD: 2960ec90-977e-4f7d-9bda-fb967cfc7e0e // IVD: c98f890f-b3bd-4d36-a82e-f40bd61b2aa7 // CNVD: CNVD-2020-17489 // JVNDB: JVNDB-2019-014931 // NVD: CVE-2019-5134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5134
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014931
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-17489
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-363
value:	HIGH
Trust: 0.6
IVD:	2960ec90-977e-4f7d-9bda-fb967cfc7e0e
value:	HIGH
Trust: 0.2
IVD:	c98f890f-b3bd-4d36-a82e-f40bd61b2aa7
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-5134
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014931
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-17489
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2960ec90-977e-4f7d-9bda-fb967cfc7e0e
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	c98f890f-b3bd-4d36-a82e-f40bd61b2aa7
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-5134
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014931
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 2960ec90-977e-4f7d-9bda-fb967cfc7e0e // IVD: c98f890f-b3bd-4d36-a82e-f40bd61b2aa7 // CNVD: CNVD-2020-17489 // JVNDB: JVNDB-2019-014931 // CNNVD: CNNVD-202003-363 // NVD: CVE-2019-5134

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-014931 // NVD: CVE-2019-5134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-363

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014931

PATCH

title:

Top Page

url:

https://www.wago.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-014931

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5134	Trust: 3.4
db:	TALOS	id:	TALOS-2019-0923	Trust: 3.0
db:	CNVD	id:	CNVD-2020-17489	Trust: 1.0
db:	CNNVD	id:	CNNVD-202003-363	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-014931	Trust: 0.8
db:	IVD	id:	2960EC90-977E-4F7D-9BDA-FB967CFC7E0E	Trust: 0.2
db:	IVD	id:	C98F890F-B3BD-4D36-A82E-F40BD61B2AA7	Trust: 0.2

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0923	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5134	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5134	Trust: 0.8

sources: CNVD: CNVD-2020-17489 // JVNDB: JVNDB-2019-014931 // CNNVD: CNNVD-202003-363 // NVD: CVE-2019-5134

SOURCES

db:	IVD	id:	2960ec90-977e-4f7d-9bda-fb967cfc7e0e
db:	IVD	id:	c98f890f-b3bd-4d36-a82e-f40bd61b2aa7
db:	CNVD	id:	CNVD-2020-17489
db:	JVNDB	id:	JVNDB-2019-014931
db:	CNNVD	id:	CNNVD-202003-363
db:	NVD	id:	CVE-2019-5134

LAST UPDATE DATE

2024-11-23T21:51:37.897000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-17489	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-014931	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-363	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5134	date:	2024-11-21T04:44:24.907

SOURCES RELEASE DATE

db:	IVD	id:	2960ec90-977e-4f7d-9bda-fb967cfc7e0e	date:	2020-03-09T00:00:00
db:	IVD	id:	c98f890f-b3bd-4d36-a82e-f40bd61b2aa7	date:	2020-03-09T00:00:00
db:	CNVD	id:	CNVD-2020-17489	date:	2020-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-014931	date:	2020-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202003-363	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2019-5134	date:	2020-03-11T22:27:40.177