A vulnerability in WAGO PFC100 and PFC200 Firmware versions allows for a denial of service attack due to a limitation in the FastCGI module.
Understanding CVE-2019-5149
This CVE affects WAGO PFC100 and PFC200 Firmware versions due to a configuration issue in the FastCGI module.
What is CVE-2019-5149?
The vulnerability arises from a limitation in the number of concurrent php-cgi processes allowed by the FastCGI module, leading to a denial of service on the web server.
The Impact of CVE-2019-5149
The vulnerability impacts WAGO PFC200 Firmware versions 03.00.39(12) and 03.01.07(13), as well as WAGO PFC100 Firmware versions 03.00.39(12) and 03.02.02(14).
Technical Details of CVE-2019-5149
The vulnerability is due to a configuration issue in the FastCGI module.
Vulnerability Description
The default configuration of the FastCGI module limits the number of concurrent php-cgi processes to two, which can be exploited to cause a denial of service on the entire web server.
Affected Systems and Versions
Exploitation Mechanism
The limitation on concurrent php-cgi processes can be abused to overwhelm the web server, leading to a denial of service.
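A defender can watch for this condition by counting how many PHP requests are in flight at once and flagging periods where the count stays at or above the two-process limit. The sketch below is an added example, not code from WAGO or from the original advisory; the record layout, client addresses, paths and the `min_seconds` threshold are assumptions, and the sample records are constructed.

```python
# Added example (not vendor code). Record layout and sample data are constructed.
PHP_CGI_LIMIT = 2  # default concurrent php-cgi limit described on this page

# (start_s, duration_s, client, path); durations include time spent queued.
SAMPLE = [
    (0.0, 0.2, "192.0.2.10", "/index.php"),
    (5.0, 60.0, "198.51.100.7", "/a.php"),
    (5.5, 60.0, "198.51.100.7", "/b.php"),
    (10.0, 55.5, "192.0.2.10", "/index.php"),   # waits for a free worker
    (20.0, 0.1, "192.0.2.10", "/style.css"),    # static file, no php-cgi
    (70.0, 0.2, "192.0.2.10", "/index.php"),
]


def saturation_windows(records, limit=PHP_CGI_LIMIT, min_seconds=5.0):
    """Return (start, end, clients) spans where >= limit PHP requests were in flight."""
    events = []
    for start, duration, client, path in records:
        if path.endswith(".php"):
            events.append((start, 1, client))
            events.append((start + duration, -1, client))
    events.sort(key=lambda e: (e[0], e[1]))  # at equal times, process ends first

    active, windows = [], []
    win_start, seen = None, set()
    for when, delta, client in events:
        if delta == 1:
            active.append(client)
        else:
            active.remove(client)
        if len(active) >= limit:
            if win_start is None:
                win_start, seen = when, set()
            seen.update(active)
        elif win_start is not None:
            if when - win_start >= min_seconds:
                windows.append((win_start, when, sorted(seen)))
            win_start = None
    return windows


if __name__ == "__main__":
    for start, end, clients in saturation_windows(SAMPLE):
        print(f"php-cgi pool saturated {start:.1f}s-{end:.1f}s; clients: {clients}")
```

The reported client list includes requests that were merely waiting for a worker, so it is a starting point for triage rather than an attribution.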
Mitigation and Prevention
Steps to address and prevent the CVE-2019-5149 vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates