CVE-2019-5149

Severity
7.5 HIGH
EPSS
0.4%
top 37.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 11
Latest update: May 24

Description

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This aff

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD: wago/pfc100_firmware 03.00.39(12), 03.01.07(13) +1
CVEListV5: wago/wago_pfc100_firmware version 03.00.39(12), version 03.02.02(14) +1
NVD: wago/pfc200_firmware 03.00.39(12), 03.01.07(13) +1
CVEListV5: wago/wago_pfc200_firmware version 03.00.39(12), version 03.01.07(13) +1

Vulnerability Details

2
GHSA
GHSA-g23p-pfjq-33rc: The WBM web application on firmwares prior to 03 | 2022-05-24
CVEList
CVE-2019-5149: The WBM web application on firmwares prior to 03 | 2020-03-10