VAR-202003-0680

Vulnerability from variot - Updated: 2024-11-23 22:05

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT automation software contains a vulnerability related to the use of hard-coded credentials. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS). WAGO e!COCKPIT is an integrated development environment from the German company WAGO. The software is mainly used for hardware configuration, programming and simulation.

WAGO e!COCKPIT has a firmware downgrade vulnerability; no detailed vulnerability information is currently provided.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0680",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "e!cockpit",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "wago",
        "version": "1.6.1.5"
      },
      {
        "model": "e\\!cockpit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "1.6.1.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "e cockpit",
        "version": "1.6.1.5"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:wago:e%21cockpit",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      }
    ]
  },
  "cve": "CVE-2019-5158",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-5158",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014923",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-17494",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "7c941507-08b7-4c40-b4d8-764a333a9470",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-5158",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014923",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5158",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014923",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17494",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-631",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7c941507-08b7-4c40-b4d8-764a333a9470",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT Automation software contains vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation. \n\r\n\r\nWAGO e! COCKPIT firmware downgrade vulnerability, currently no detailed vulnerability details are provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5158",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2019-0951",
        "trust": 3.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7C941507-08B7-4C40-B4D8-764A333A9470",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "915E2601-4F27-4C9E-A600-44B986BB4E8C",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "id": "VAR-202003-0680",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      }
    ],
    "trust": 1.7649572500000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.4
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:46.710000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.wago.com/us/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0951"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5158"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5158"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-11T00:00:00",
        "db": "IVD",
        "id": "7c941507-08b7-4c40-b4d8-764a333a9470"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "IVD",
        "id": "915e2601-4f27-4c9e-a600-44b986bb4e8c"
      },
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "date": "2020-03-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "date": "2020-03-11T22:27:40.957000",
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17494"
      },
      {
        "date": "2020-03-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      },
      {
        "date": "2024-11-21T04:44:27.677000",
        "db": "NVD",
        "id": "CVE-2019-5158"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WAGO e!COCKPIT Vulnerability in using hard-coded credentials in automation software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014923"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-631"
      }
    ],
    "trust": 0.6
  }
}

