CVE-2019-5134

Name of the Vulnerable Software and Affected Versions WAGO PFC200 versions 03.00.39(12) through 03.01.07(13) WAGO PFC100 version 03.00.39(12)

Description An exploitable regular expression without anchors issue exists in the Web-Based Management (WBM) authentication functionality. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.

Recommendations For WAGO PFC200 versions 03.00.39(12) through 03.01.07(13), consider restricting access to the WBM authentication functionality until a patch is available. For WAGO PFC100 version 03.00.39(12), consider restricting access to the WBM authentication functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.