CVE-2019-18202
Description
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in WAGO PFC100/200 before FW12 allows remote attackers to probe for existence of paths and file names via crafted HTTP requests, leading to information disclosure.
Vulnerability
Affected devices: WAGO Series PFC100 and PFC200 before firmware version 12. The vulnerability arises from improper access control, allowing an attacker to send crafted HTTP requests to check if specific paths or file names exist on the device [1].
Exploitation
A remote attacker without prior authentication can send crafted HTTP requests to the device. No special privileges or network position beyond network access is required. The attacker can systematically probe for the existence of files and directories by observing the HTTP responses [1].
Impact
Successful exploitation allows an attacker to enumerate files and directories on the device, leading to information disclosure. This could reveal the presence of sensitive configuration files, credentials, or other data stored on the device [1].
Mitigation
Upgrade to firmware version 12 or later, which addresses the improper access control. No workaround is available. The vulnerability is not listed on CISA KEV as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WAGO/Series PFC100 and PFC200
Patches
No patches discovered yet.
References
1. cert.vde.com/de-de/advisories/vde-2019-017 (mitre, x_refsource_MISC)