2 matches found
Wago PFC100/200 Web-Based Management Authentication Regex Information Disclosure (CVE-2019-5134)
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC200 versions 03.00.3912 and 03.01.0713, and WAGO PFC100 version 03.00.3912. A specially crafted authentication request can bypass regular expression...
CVE-2019-5134
The CVE-2019-5134 issue affects WAGO PFC100/PFC200 Web-Based Management, where an exploitable regular-expression without anchors in the PasswordCorrect() path allows bypass of authentication filters. A crafted request can trigger a timing/disclosure vulnerability that may reveal or help reveal pa...