CVE-2019-18202

Medium

5.3/10

Summary

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published Oct 19, 2019

CVE-2019-18202

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS