PT-2019-15271 · Wago · Wago Series Pfc200+1

Nico Jansen

Published

2019-10-19

Updated

2023-03-13

CVE-2019-18202

CVSS v3.1

5.8

Medium

Vector

AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions WAGO Series PFC100 and PFC200 devices versions prior to FW12

Description The issue allows for Information Disclosure due to improper access control. A remote attacker can exploit this by sending crafted HTTP requests to check for the existence of paths and file names.

Recommendations For WAGO Series PFC100 and PFC200 devices versions prior to FW12, update to FW12 or later to resolve the issue. As a temporary workaround, consider restricting access to the devices to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-18202

Affected Products

Wago Series Pfc100

Wago Series Pfc200

PT-2019-15271 · Wago · Wago Series Pfc200+1

CVE-2019-18202

Related Identifiers

Affected Products

References · 3