Search criteria
12 vulnerabilities found for e\!cockpit by wago
VAR-202003-0672
Vulnerability from variot - Updated: 2025-01-30 21:40A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.5.1.1"
}
],
"sources": [
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
]
},
"cve": "CVE-2019-5106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5106",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014893",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-17488",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5106",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014893",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5106",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014893",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17488",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-628",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5106",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5106",
"trust": 3.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0898",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2020-17488",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893",
"trust": 0.8
},
{
"db": "IVD",
"id": "933644F1-BD6B-4A22-8A7B-84FEFF4C0E1C",
"trust": 0.2
},
{
"db": "IVD",
"id": "35B710E9-2246-484D-B0F0-1751B5F8AAE5",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-5106",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"id": "VAR-202003-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
}
],
"trust": 1.8649572500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
},
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
}
]
},
"last_update_date": "2025-01-30T21:40:16.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Programming and Configuring with e!COCKPIT",
"trust": 0.8,
"url": "https://www.wago.com/us/ecockpit-engineering-software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0898"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5106"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5106"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"date": "2020-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"date": "2020-03-11T22:27:39.537000",
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"date": "2024-11-21T04:44:21.847000",
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!Cockpit Vulnerability in using cryptographic algorithms in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
}
],
"trust": 0.6
}
}
VAR-202003-0673
Vulnerability from variot - Updated: 2024-11-23 23:11A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. WAGO e!Cockpit Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Cockpit is an interactive server management interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.5.1.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
}
]
},
"cve": "CVE-2019-5107",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5107",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014878",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17490",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e667e3e7-564e-4575-93d4-80ae5810b128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5107",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014878",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5107",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014878",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17490",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. WAGO e!Cockpit Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Cockpit is an interactive server management interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5107"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5107",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0899",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17490",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878",
"trust": 0.8
},
{
"db": "IVD",
"id": "E667E3E7-564E-4575-93D4-80AE5810B128",
"trust": 0.2
},
{
"db": "IVD",
"id": "9F3DDED1-310A-4379-BCB5-FF8C507A043A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"id": "VAR-202003-0673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
}
],
"trust": 1.7649572500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
}
]
},
"last_update_date": "2024-11-23T23:11:32.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0899"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5107"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5107"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"date": "2020-03-11T22:27:39.613000",
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17490"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014878"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-326"
},
{
"date": "2024-11-21T04:44:21.963000",
"db": "NVD",
"id": "CVE-2019-5107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!Cockpit Vulnerability in plaintext transmission of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014878"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "e667e3e7-564e-4575-93d4-80ae5810b128"
},
{
"db": "IVD",
"id": "9f3dded1-310a-4379-bcb5-ff8c507a043a"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-326"
}
],
"trust": 1.0
}
}
VAR-202003-0681
Vulnerability from variot - Updated: 2024-11-23 22:51An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. WAGO e!COCKPIT Automation software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.6.0.7"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.6.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.6.0.7"
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
]
},
"cve": "CVE-2019-5159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5159",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014924",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-17493",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e5a064c3-9814-4cc8-9126-052d12254488",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5159",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014924",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5159",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014924",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17493",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-374",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. WAGO e!COCKPIT Automation software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5159"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5159",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0952",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17493",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924",
"trust": 0.8
},
{
"db": "IVD",
"id": "E5A064C3-9814-4CC8-9126-052D12254488",
"trust": 0.2
},
{
"db": "IVD",
"id": "9D1001E0-8BA0-4516-A748-C7974F5F3C44",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"id": "VAR-202003-0681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
}
],
"trust": 1.7649572500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
}
]
},
"last_update_date": "2024-11-23T22:51:28.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0952"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5159"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5159"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"date": "2020-03-11T22:27:41.020000",
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"date": "2024-11-21T04:44:27.793000",
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!COCKPIT Input validation vulnerabilities in automation software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
}
],
"trust": 1.0
}
}
VAR-202003-0680
Vulnerability from variot - Updated: 2024-11-23 22:05An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT Automation software contains vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation.
WAGO e! COCKPIT firmware downgrade vulnerability, currently no detailed vulnerability details are provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0680",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.6.1.5"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.6.1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.6.1.5"
}
],
"sources": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
}
]
},
"cve": "CVE-2019-5158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014923",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-17494",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "7c941507-08b7-4c40-b4d8-764a333a9470",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5158",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014923",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014923",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17494",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-631",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT Automation software contains vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation. \n\r\n\r\nWAGO e! COCKPIT firmware downgrade vulnerability, currently no detailed vulnerability details are provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5158",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0951",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17494",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-631",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923",
"trust": 0.8
},
{
"db": "IVD",
"id": "7C941507-08B7-4C40-B4D8-764A333A9470",
"trust": 0.2
},
{
"db": "IVD",
"id": "915E2601-4F27-4C9E-A600-44B986BB4E8C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"id": "VAR-202003-0680",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
}
],
"trust": 1.7649572500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
}
]
},
"last_update_date": "2024-11-23T22:05:46.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0951"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5158"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5158"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "7c941507-08b7-4c40-b4d8-764a333a9470"
},
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"date": "2020-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"date": "2020-03-11T22:27:40.957000",
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17494"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014923"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-631"
},
{
"date": "2024-11-21T04:44:27.677000",
"db": "NVD",
"id": "CVE-2019-5158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!COCKPIT Vulnerability in using hard-coded credentials in automation software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014923"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-631"
}
],
"trust": 0.6
}
}
CVE-2019-5159 (GCVE-0-2019-5159)
Vulnerability from nvd – Published: 2020-03-10 22:35 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.
Severity ?
No CVSS data available.
CWE
- improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!COCKPIT |
Affected:
1.6.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!COCKPIT",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.6.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T22:35:47",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!COCKPIT",
"version": {
"version_data": [
{
"version_value": "1.6.0.7"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5159",
"datePublished": "2020-03-10T22:35:47",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5158 (GCVE-0-2019-5158)
Vulnerability from nvd – Published: 2020-03-10 23:14 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
Severity ?
No CVSS data available.
CWE
- improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!COCKPIT |
Affected:
1.6.1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!COCKPIT",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.6.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:14:27",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!COCKPIT",
"version": {
"version_data": [
{
"version_value": "1.6.1.5"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5158",
"datePublished": "2020-03-10T23:14:27",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5107 (GCVE-0-2019-5107)
Vulnerability from nvd – Published: 2020-03-10 23:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.
Severity ?
No CVSS data available.
CWE
- Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!Cockpit |
Affected:
1.5.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!Cockpit",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:41:29",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!Cockpit",
"version": {
"version_data": [
{
"version_value": "1.5.1.1"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5107",
"datePublished": "2020-03-10T23:41:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5106 (GCVE-0-2019-5106)
Vulnerability from nvd – Published: 2020-03-10 23:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
Severity ?
No CVSS data available.
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!Cockpit |
Affected:
1.5.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!Cockpit",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:41:32",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!Cockpit",
"version": {
"version_data": [
{
"version_value": "1.5.1.1"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5106",
"datePublished": "2020-03-10T23:41:32",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5106 (GCVE-0-2019-5106)
Vulnerability from cvelistv5 – Published: 2020-03-10 23:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
Severity ?
No CVSS data available.
CWE
- Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!Cockpit |
Affected:
1.5.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!Cockpit",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:41:32",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!Cockpit",
"version": {
"version_data": [
{
"version_value": "1.5.1.1"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5106",
"datePublished": "2020-03-10T23:41:32",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5107 (GCVE-0-2019-5107)
Vulnerability from cvelistv5 – Published: 2020-03-10 23:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.
Severity ?
No CVSS data available.
CWE
- Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!Cockpit |
Affected:
1.5.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!Cockpit",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:41:29",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!Cockpit",
"version": {
"version_data": [
{
"version_value": "1.5.1.1"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5107",
"datePublished": "2020-03-10T23:41:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5158 (GCVE-0-2019-5158)
Vulnerability from cvelistv5 – Published: 2020-03-10 23:14 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
Severity ?
No CVSS data available.
CWE
- improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!COCKPIT |
Affected:
1.6.1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!COCKPIT",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.6.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T23:14:27",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!COCKPIT",
"version": {
"version_data": [
{
"version_value": "1.6.1.5"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5158",
"datePublished": "2020-03-10T23:14:27",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5159 (GCVE-0-2019-5159)
Vulnerability from cvelistv5 – Published: 2020-03-10 22:35 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.
Severity ?
No CVSS data available.
CWE
- improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wago | WAGO e!COCKPIT |
Affected:
1.6.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WAGO e!COCKPIT",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "1.6.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T22:35:47",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WAGO e!COCKPIT",
"version": {
"version_data": [
{
"version_value": "1.6.0.7"
}
]
}
}
]
},
"vendor_name": "Wago"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5159",
"datePublished": "2020-03-10T22:35:47",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}