#VU21973 External control of file name or path in WAGO products - CVE-2019-18202
Published: October 21, 2019
WAGO PFC100 Series 750-8101/025-000
WAGO PFC100 Series 750-8102/025-000
WAGO PFC100 Series 750-8102
WAGO PFC100 Series 750-8100
WAGO PFC100 Series 750-8101
WAGO PFC200 Series 750-8206/040-001
WAGO PFC200 Series 750-8208/025-001
WAGO PFC200 Series 750-8215
WAGO PFC200 Series 750-8212/000-100
WAGO PFC200 Series 750-8206/040-000
WAGO PFC200 Series 750-8202/040-000
WAGO PFC200 Series 750-8216/025-000
WAGO PFC200 Series 750-8216/025-001
WAGO PFC200 Series 750-8212/025-000
WAGO PFC200 Series 750-8212/025-002
WAGO PFC200 Series 750-8216
WAGO PFC200 Series 750-8214
WAGO PFC200 Series 750-8213
WAGO PFC200 Series 750-8212/025-001
WAGO PFC200 Series 750-8212
WAGO PFC200 Series 750-8208/025-000
WAGO PFC200 Series 750-8208
WAGO PFC200 Series 750-8207/025-001
WAGO PFC200 Series 750-8207/025-000
WAGO PFC200 Series 750-8207
WAGO PFC200 Series 750-8206/025-001
WAGO PFC200 Series 750-8206/025-000
WAGO PFC200 Series 750-8206
WAGO PFC200 Series 750-8204/025-000
WAGO PFC200 Series 750-8204
WAGO PFC200 Series 750-8203/025-000
WAGO PFC200 Series 750-8203
WAGO PFC200 Series 750-8202/040-001
WAGO PFC200 Series 750-8202/025-002
WAGO PFC200 Series 750-8202/025-001
WAGO PFC200 Series 750-8202/025-000
WAGO PFC200 Series 750-8202
WAGO
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected software allows checking of paths or file names that are used in filesystem operations. A remote attacker can send a specially crafted HTTP request, identify installed software and gain access to sensitive data (e.g. session data stored in the file system).