CVE-2019-5149
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).
La aplicación web WBM en WAGO PFC100 y PFC2000, versiones de firmware anteriores a las versiones 03.02.02 y 03.01.07 respectivamente, se ejecuta en un servidor web lighttpd y hace uso del módulo FastCGI, que está destinado a proporcionar un alto rendimiento para todas las aplicaciones de Internet sin las penalizaciones de las API del servidor web. Sin embargo, la configuración predeterminada de este módulo parece limitar el número de procesos concurrentes de php-cgi a dos, lo cual puede ser violado para causar una denegación de servicio de todo el servidor web. Esto afecta a WAGO PFC200 versión de firmware 03.00.39(12) y versión 03.01.07(13), y WAGO PFC100 versión de firmware 03.00.39(12) y versión 03.02.02(14).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2020-03-10 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wago Search vendor "Wago" | Pfc200 Firmware Search vendor "Wago" for product "Pfc200 Firmware" | 03.00.39\(12\) Search vendor "Wago" for product "Pfc200 Firmware" and version "03.00.39\(12\)" | - |
Affected
| in | Wago Search vendor "Wago" | Pfc200 Search vendor "Wago" for product "Pfc200" | - | - |
Safe
|
| Wago Search vendor "Wago" | Pfc200 Firmware Search vendor "Wago" for product "Pfc200 Firmware" | 03.01.07\(13\) Search vendor "Wago" for product "Pfc200 Firmware" and version "03.01.07\(13\)" | - |
Affected
| in | Wago Search vendor "Wago" | Pfc200 Search vendor "Wago" for product "Pfc200" | - | - |
Safe
|
| Wago Search vendor "Wago" | Pfc100 Firmware Search vendor "Wago" for product "Pfc100 Firmware" | 03.00.39\(12\) Search vendor "Wago" for product "Pfc100 Firmware" and version "03.00.39\(12\)" | - |
Affected
| in | Wago Search vendor "Wago" | Pfc100 Search vendor "Wago" for product "Pfc100" | - | - |
Safe
|
| Wago Search vendor "Wago" | Pfc100 Firmware Search vendor "Wago" for product "Pfc100 Firmware" | 03.01.07\(13\) Search vendor "Wago" for product "Pfc100 Firmware" and version "03.01.07\(13\)" | - |
Affected
| in | Wago Search vendor "Wago" | Pfc100 Search vendor "Wago" for product "Pfc100" | - | - |
Safe
|