CVE-2019-5134
In short
A flaw in the login system of WAGO industrial controllers allows attackers to bypass security checks using specially crafted requests, potentially accessing sensitive information without proper authentication.
Technical detail
The WBM authentication mechanism employs an unanchored regular expression for input validation, permitting attackers to craft requests that evade the regex filter and gain unauthorized access to protected resources. This affects WAGO PFC200 (v03.00.39(12) and v03.01.07(13)) and PFC100 (v03.00.39(12)).
Summary generated and translated by AI from the official description.
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.
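The flaw class described above, as an added example that is not WAGO's code and not part of the official description: one hypothetical field policy checked three ways, showing why an unanchored pattern accepts input it should reject and why a "$" anchor alone is still too loose in Python. The pattern, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Hypothetical field policy (an assumption, not WAGO's actual pattern):
# 1 to 32 characters drawn from lowercase letters, digits and underscore.
POLICY = r"[a-z0-9_]{1,32}"

def unanchored_ok(value: str) -> bool:
    # Flawed: search() succeeds if ANY substring satisfies the policy.
    return re.search(POLICY, value) is not None

def dollar_anchored_ok(value: str) -> bool:
    # Still flawed in Python: "$" also matches just before a trailing "\n".
    return re.match(POLICY + r"$", value) is not None

def strict_ok(value: str) -> bool:
    # Hardened: the whole input must match, with no tolerated trailing newline.
    return re.fullmatch(POLICY, value) is not None

# Constructed sample inputs, each with the verdict the policy intends.
CASES = [
    ("operator_1", True),
    ("operator_1\n", False),
    ("operator 1 / extra", False),
    ("", False),
    ("a" * 33, False),
]

def audit(validator):
    """Return the inputs on which a validator disagrees with the policy."""
    return [value for value, expected in CASES if validator(value) != expected]

if __name__ == "__main__":
    for fn in (unanchored_ok, dollar_anchored_ok, strict_ok):
        print(fn.__name__, "misjudges", audit(fn))
```

The same table of expected verdicts can serve as a regression test for any input filter that gates authentication: a validator is acceptable only when audit() returns an empty list for it.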