CVE-2019-5149
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).
Overview
- CVE ID
- CVE-2019-5149
- Assigner
- talos-cna@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2020-03-11T22:27:40
- Last Modified Date
- 2020-03-13T21:33:11
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:wago:pfc200_firmware:03.00.39\(12\):*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:wago:pfc200_firmware:03.01.07\(13\):*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:wago:pfc100_firmware:03.00.39\(12\):*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:wago:pfc100_firmware:03.01.07\(13\):*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- PARTIAL
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2019-5149 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5149 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:47:49 | Added to TrackCVE | |||
| 2022-12-04 12:26:09 | 2020-03-11T22:27Z | 2020-03-11T22:27:40 | CVE Published Date | updated |
| 2022-12-04 12:26:09 | 2020-03-13T21:33:11 | CVE Modified Date | updated | |
| 2022-12-04 12:26:09 | Analyzed | Vulnerability Status | updated |