Описание
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 03.00.35\(12\) (исключая)
Одновременно
cpe:2.3:o:wago:pfc_firmware:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00636
Низкий
5.8 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
EPSS
Процентиль: 70%
0.00636
Низкий
5.8 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo