CVE-2019-5149

Published: Mar 11, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).

Affected (4)

Products: Wago: Pfc200 Firmware, Pfc100 Firmware

2 products

Pfc200 Firmware

Pfc100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wago Pfc200 Firmware	Version 03.00.39(12)
Wago Pfc200 Firmware	Version 03.01.07(13)

Running on/with	Platform Versions
Wago Pfc200	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wago Pfc100 Firmware	Version 03.00.39(12)
Wago Pfc100 Firmware	Version 03.01.07(13)

Running on/with	Platform Versions
Wago Pfc100	All versions

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.