CVE-2019-5135
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
Timeline
- 2019-01-04 CVE Reserved
- 2020-03-10 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
References (1)
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Wago | Pfc200 Firmware | 03.00.39(12) | - | Affected | in | Wago | Pfc200 | - | - | Safe |
Wago | Pfc200 Firmware | 03.01.07(13) | - | Affected | in | Wago | Pfc200 | - | - | Safe |
Wago | Pfc100 Firmware | 03.00.39(12) | - | Affected | in | Wago | Pfc100 | - | - | Safe |