#VU26273 Regular Expression without Anchors in Wago PFC200 Controller and WAGO PFC100 Controller - CVE-2019-5134
Published: March 20, 2020
Vulnerability identifier: #VU26273
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-5134
CWE-ID: CWE-777
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Wago PFC200 Controller
WAGO PFC100 Controller
Wago PFC200 Controller
WAGO PFC100 Controller
Software vendor:
WAGO
WAGO
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the regular expression without anchors issue in the Web-Based Management (WBM) authentication functionality. A remote attacker can use a specially crafted authentication request to bypass regular expression filters and gain access to sensitive information on the target system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.