VAR-202003-0672
Vulnerability from variot - Updated: 2025-01-30 21:40A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.5.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.5.1.1"
}
],
"sources": [
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
]
},
"cve": "CVE-2019-5106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5106",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014893",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-17488",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5106",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014893",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5106",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014893",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-17488",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-628",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5106",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5106",
"trust": 3.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0898",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2020-17488",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893",
"trust": 0.8
},
{
"db": "IVD",
"id": "933644F1-BD6B-4A22-8A7B-84FEFF4C0E1C",
"trust": 0.2
},
{
"db": "IVD",
"id": "35B710E9-2246-484D-B0F0-1751B5F8AAE5",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-5106",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"id": "VAR-202003-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
}
],
"trust": 1.8649572500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
},
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
}
]
},
"last_update_date": "2025-01-30T21:40:16.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Programming and Configuring with e!COCKPIT",
"trust": 0.8,
"url": "https://www.wago.com/us/ecockpit-engineering-software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0898"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5106"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5106"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "933644f1-bd6b-4a22-8a7b-84feff4c0e1c"
},
{
"date": "2020-03-11T00:00:00",
"db": "IVD",
"id": "35b710e9-2246-484d-b0f0-1751b5f8aae5"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"date": "2020-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"date": "2020-03-11T22:27:39.537000",
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17488"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5106"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014893"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-628"
},
{
"date": "2024-11-21T04:44:21.847000",
"db": "NVD",
"id": "CVE-2019-5106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!Cockpit Vulnerability in using cryptographic algorithms in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-628"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…