CVE-2019-5135
MEDIUM
WAGO PFC100/PFC200 Firmware - Timing Discrepancy in Web-Based Management Authentication
Title source: llm
Description
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).
References (1)
Core 1
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924
Scores
CVSS v3
5.3
EPSS
0.0102
EPSS Percentile
58.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (3)
wago/pfc100_firmware
03.00.39(12)
wago/pfc200_firmware
03.00.39(12)
wago/pfc200_firmware
03.01.07(13)
Published
Mar 11, 2020
Tracked Since
Feb 18, 2026