VAR-202003-0681
Vulnerability from variot - Updated: 2024-11-23 22:51An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. WAGO e!COCKPIT Automation software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e!cockpit",
"scope": "eq",
"trust": 1.4,
"vendor": "wago",
"version": "1.6.0.7"
},
{
"model": "e\\!cockpit",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "1.6.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "e cockpit",
"version": "1.6.0.7"
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wago:e%21cockpit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
]
},
"cve": "CVE-2019-5159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5159",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014924",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-17493",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e5a064c3-9814-4cc8-9126-052d12254488",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5159",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014924",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5159",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014924",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17493",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-374",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. WAGO e!COCKPIT Automation software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5159"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5159",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0952",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-17493",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924",
"trust": 0.8
},
{
"db": "IVD",
"id": "E5A064C3-9814-4CC8-9126-052D12254488",
"trust": 0.2
},
{
"db": "IVD",
"id": "9D1001E0-8BA0-4516-A748-C7974F5F3C44",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"id": "VAR-202003-0681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
}
],
"trust": 1.7649572500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
}
]
},
"last_update_date": "2024-11-23T22:51:28.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wago.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0952"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5159"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5159"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"date": "2020-03-09T00:00:00",
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"date": "2020-03-11T22:27:41.020000",
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17493"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014924"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-374"
},
{
"date": "2024-11-21T04:44:27.793000",
"db": "NVD",
"id": "CVE-2019-5159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO e!COCKPIT Input validation vulnerabilities in automation software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e5a064c3-9814-4cc8-9126-052d12254488"
},
{
"db": "IVD",
"id": "9d1001e0-8ba0-4516-a748-c7974f5f3c44"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-374"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…