Details of VAR-202003-0672

ID

VAR-202003-0672

CVE

CVE-2019-5106

TITLE

WAGO e!Cockpit Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014893

DESCRIPTION

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. WAGO e!Cockpit Is vulnerable to the use of cryptographic algorithms.Information may be obtained. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation

Trust: 2.61

sources: NVD: CVE-2019-5106 // JVNDB: JVNDB-2019-014893 // CNVD: CNVD-2020-17488 // IVD: 933644f1-bd6b-4a22-8a7b-84feff4c0e1c // IVD: 35b710e9-2246-484d-b0f0-1751b5f8aae5 // VULMON: CVE-2019-5106

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.4
category:	['network device']	sub_category:	gateway	Trust: 0.1

sources: OTHER: None // IVD: 933644f1-bd6b-4a22-8a7b-84feff4c0e1c // IVD: 35b710e9-2246-484d-b0f0-1751b5f8aae5 // CNVD: CNVD-2020-17488

AFFECTED PRODUCTS

vendor:	wago	model:	e!cockpit	scope:	eq	version:	1.5.1.1	Trust: 1.4
vendor:	wago	model:	e\!cockpit	scope:	eq	version:	1.5.1.1	Trust: 1.0
vendor:	e cockpit	model:	-	scope:	eq	version:	1.5.1.1	Trust: 0.4

sources: IVD: 933644f1-bd6b-4a22-8a7b-84feff4c0e1c // IVD: 35b710e9-2246-484d-b0f0-1751b5f8aae5 // CNVD: CNVD-2020-17488 // JVNDB: JVNDB-2019-014893 // NVD: CVE-2019-5106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5106
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-014893
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-17488
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202003-628
value:	MEDIUM
Trust: 0.6
IVD:	933644f1-bd6b-4a22-8a7b-84feff4c0e1c
value:	MEDIUM
Trust: 0.2
IVD:	35b710e9-2246-484d-b0f0-1751b5f8aae5
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2019-5106
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-5106
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-014893
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-17488
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	933644f1-bd6b-4a22-8a7b-84feff4c0e1c
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	35b710e9-2246-484d-b0f0-1751b5f8aae5
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-5106
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014893
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 933644f1-bd6b-4a22-8a7b-84feff4c0e1c // IVD: 35b710e9-2246-484d-b0f0-1751b5f8aae5 // CNVD: CNVD-2020-17488 // VULMON: CVE-2019-5106 // JVNDB: JVNDB-2019-014893 // CNNVD: CNNVD-202003-628 // NVD: CVE-2019-5106

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	CWE-327	Trust: 0.8

sources: JVNDB: JVNDB-2019-014893 // NVD: CVE-2019-5106

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-628

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-628

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014893

PATCH

title:

Programming and Configuring with e!COCKPIT

url:

https://www.wago.com/us/ecockpit-engineering-software

Trust: 0.8

sources: JVNDB: JVNDB-2019-014893

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5106	Trust: 3.6
db:	TALOS	id:	TALOS-2019-0898	Trust: 3.1
db:	CNVD	id:	CNVD-2020-17488	Trust: 1.0
db:	CNNVD	id:	CNNVD-202003-628	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-014893	Trust: 0.8
db:	IVD	id:	933644F1-BD6B-4A22-8A7B-84FEFF4C0E1C	Trust: 0.2
db:	IVD	id:	35B710E9-2246-484D-B0F0-1751B5F8AAE5	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2019-5106	Trust: 0.1

sources: OTHER: None // IVD: 933644f1-bd6b-4a22-8a7b-84feff4c0e1c // IVD: 35b710e9-2246-484d-b0f0-1751b5f8aae5 // CNVD: CNVD-2020-17488 // VULMON: CVE-2019-5106 // JVNDB: JVNDB-2019-014893 // CNNVD: CNNVD-202003-628 // NVD: CVE-2019-5106

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2019-0898	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5106	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5106	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-17488 // VULMON: CVE-2019-5106 // JVNDB: JVNDB-2019-014893 // CNNVD: CNNVD-202003-628 // NVD: CVE-2019-5106

SOURCES

db:	OTHER	id:	-
db:	IVD	id:	933644f1-bd6b-4a22-8a7b-84feff4c0e1c
db:	IVD	id:	35b710e9-2246-484d-b0f0-1751b5f8aae5
db:	CNVD	id:	CNVD-2020-17488
db:	VULMON	id:	CVE-2019-5106
db:	JVNDB	id:	JVNDB-2019-014893
db:	CNNVD	id:	CNNVD-202003-628
db:	NVD	id:	CVE-2019-5106

LAST UPDATE DATE

2025-01-30T21:40:16.634000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-17488	date:	2020-03-18T00:00:00
db:	VULMON	id:	CVE-2019-5106	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-014893	date:	2020-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202003-628	date:	2020-03-27T00:00:00
db:	NVD	id:	CVE-2019-5106	date:	2024-11-21T04:44:21.847

SOURCES RELEASE DATE

db:	IVD	id:	933644f1-bd6b-4a22-8a7b-84feff4c0e1c	date:	2020-03-11T00:00:00
db:	IVD	id:	35b710e9-2246-484d-b0f0-1751b5f8aae5	date:	2020-03-11T00:00:00
db:	CNVD	id:	CNVD-2020-17488	date:	2020-03-18T00:00:00
db:	VULMON	id:	CVE-2019-5106	date:	2020-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-014893	date:	2020-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202003-628	date:	2020-03-11T00:00:00
db:	NVD	id:	CVE-2019-5106	date:	2020-03-11T22:27:39.537