Sign-up

ID

VAR-202003-0673


CVE

CVE-2019-5107


TITLE

WAGO e!Cockpit Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014878

DESCRIPTION

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. WAGO e!Cockpit Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Cockpit is an interactive server management interface

Trust: 2.52

sources: NVD: CVE-2019-5107 // JVNDB: JVNDB-2019-014878 // CNVD: CNVD-2020-17490 // IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a // CNVD: CNVD-2020-17490

AFFECTED PRODUCTS

vendor:wagomodel:e!cockpitscope:eqversion:1.5.1.1

Trust: 1.4

vendor:wagomodel:e\!cockpitscope:eqversion:1.5.1.1

Trust: 1.0

vendor:e cockpitmodel: - scope:eqversion:1.5.1.1

Trust: 0.4

sources: IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a // CNVD: CNVD-2020-17490 // JVNDB: JVNDB-2019-014878 // NVD: CVE-2019-5107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5107
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014878
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-17490
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-326
value: HIGH

Trust: 0.6

IVD: e667e3e7-564e-4575-93d4-80ae5810b128
value: HIGH

Trust: 0.2

IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-5107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17490
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e667e3e7-564e-4575-93d4-80ae5810b128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5107
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014878
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a // CNVD: CNVD-2020-17490 // JVNDB: JVNDB-2019-014878 // CNNVD: CNNVD-202003-326 // NVD: CVE-2019-5107

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2019-014878 // NVD: CVE-2019-5107

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-326

TYPE

other

Trust: 1.0

sources: IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a // CNNVD: CNNVD-202003-326

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014878

PATCH
title:Top Pageurl:https://www.wago.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-014878

EXTERNAL IDS
db:NVDid:CVE-2019-5107
Trust: 3.4
db:TALOSid:TALOS-2019-0899
Trust: 3.0
db:CNVDid:CNVD-2020-17490
Trust: 1.0
db:CNNVDid:CNNVD-202003-326
Trust: 1.0
db:JVNDBid:JVNDB-2019-014878
Trust: 0.8
db:IVDid:E667E3E7-564E-4575-93D4-80AE5810B128
Trust: 0.2
db:IVDid:9F3DDED1-310A-4379-BCB5-FF8C507A043A
Trust: 0.2
sources:
            
            
            IVD: e667e3e7-564e-4575-93d4-80ae5810b128 // 
            
            
            
            IVD: 9f3dded1-310a-4379-bcb5-ff8c507a043a // 
            
            
            
            CNVD: CNVD-2020-17490 // 
            
            
            
            JVNDB: JVNDB-2019-014878 // 
            
            
            
            CNNVD: CNNVD-202003-326 // 
            
            
            
            NVD: CVE-2019-5107

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0899
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-5107
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5107
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-17490 // 
            
            
            
            JVNDB: JVNDB-2019-014878 // 
            
            
            
            CNNVD: CNNVD-202003-326 // 
            
            
            
            NVD: CVE-2019-5107

SOURCES
db:IVDid:e667e3e7-564e-4575-93d4-80ae5810b128
db:IVDid:9f3dded1-310a-4379-bcb5-ff8c507a043a
db:CNVDid:CNVD-2020-17490
db:JVNDBid:JVNDB-2019-014878
db:CNNVDid:CNNVD-202003-326
db:NVDid:CVE-2019-5107

LAST UPDATE DATE
2024-11-23T23:11:32.844000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-17490date:2020-03-18T00:00:00
db:JVNDBid:JVNDB-2019-014878date:2020-03-25T00:00:00
db:CNNVDid:CNNVD-202003-326date:2020-03-26T00:00:00
db:NVDid:CVE-2019-5107date:2024-11-21T04:44:21.963

SOURCES RELEASE DATE
db:IVDid:e667e3e7-564e-4575-93d4-80ae5810b128date:2020-03-09T00:00:00
db:IVDid:9f3dded1-310a-4379-bcb5-ff8c507a043adate:2020-03-09T00:00:00
db:CNVDid:CNVD-2020-17490date:2020-03-18T00:00:00
db:JVNDBid:JVNDB-2019-014878date:2020-03-25T00:00:00
db:CNNVDid:CNNVD-202003-326date:2020-03-09T00:00:00
db:NVDid:CVE-2019-5107date:2020-03-11T22:27:39.613