{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T07:01:44.082","vulnerabilities":[{"cve":{"id":"CVE-2019-5135","sourceIdentifier":"talos-cna@cisco.com","published":"2020-03-11T22:27:40.253","lastModified":"2024-11-21T04:44:25.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)."},{"lang":"es","value":"Existe una vulnerabilidad de discrepancia de sincronización  explotable en la funcionalidad de autenticación de la aplicación web Web-Based Management (WBM) en los controladores WAGO PFC100/200. La aplicación WBM hace uso de la función PHP crypt() que puede ser explotada para revelar credenciales de usuario en hash. Esto afecta a WAGO PFC200 versión de firmware 03.00.39(12) y versión 03.01.07(13), y WAGO PFC100 versión de firmware 03.00.39(12)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*","matchCriteriaId":"634EB95B-254B-4310-9192-5EE98F915CC7"},{"vulnerable":true,"criteria":"cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*","matchCriteriaId":"EDEB63D9-EE1C-4005-B04C-7C9BBD746402"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*","matchCriteriaId":"688A3248-7EAA-499D-A47C-A4D4900CDBD1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:pfc100_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*","matchCriteriaId":"8C1CFEE5-22F8-44D1-94D2-5AF753F0559E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*","matchCriteriaId":"8F636354-95A2-4B36-9666-1FA57F185432"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924","source":"talos-cna@cisco.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}