Sign-up

ID

VAR-202003-0680


CVE

CVE-2019-5158


TITLE

WAGO e!COCKPIT Vulnerability in using hard-coded credentials in automation software

Trust: 0.8

sources: JVNDB: JVNDB-2019-014923

DESCRIPTION

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. WAGO e!COCKPIT Automation software contains vulnerabilities in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO e!COCKPIT is a set of integrated development environment software of German WAGO company. The software is mainly used for hardware configuration, programming and simulation. WAGO e! COCKPIT firmware downgrade vulnerability, currently no detailed vulnerability details are provided

Trust: 2.52

sources: NVD: CVE-2019-5158 // JVNDB: JVNDB-2019-014923 // CNVD: CNVD-2020-17494 // IVD: 7c941507-08b7-4c40-b4d8-764a333a9470 // IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: 7c941507-08b7-4c40-b4d8-764a333a9470 // IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c // CNVD: CNVD-2020-17494

AFFECTED PRODUCTS

vendor:wagomodel:e!cockpitscope:eqversion:1.6.1.5

Trust: 1.4

vendor:wagomodel:e\!cockpitscope:eqversion:1.6.1.5

Trust: 1.0

vendor:e cockpitmodel: - scope:eqversion:1.6.1.5

Trust: 0.4

sources: IVD: 7c941507-08b7-4c40-b4d8-764a333a9470 // IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c // CNVD: CNVD-2020-17494 // JVNDB: JVNDB-2019-014923 // NVD: CVE-2019-5158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5158
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014923
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-17494
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-631
value: HIGH

Trust: 0.6

IVD: 7c941507-08b7-4c40-b4d8-764a333a9470
value: HIGH

Trust: 0.2

IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-5158
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014923
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-17494
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7c941507-08b7-4c40-b4d8-764a333a9470
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5158
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014923
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7c941507-08b7-4c40-b4d8-764a333a9470 // IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c // CNVD: CNVD-2020-17494 // JVNDB: JVNDB-2019-014923 // CNNVD: CNNVD-202003-631 // NVD: CVE-2019-5158

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-014923 // NVD: CVE-2019-5158

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-631

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-631

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014923

PATCH
title:Top Pageurl:https://www.wago.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-014923

EXTERNAL IDS
db:NVDid:CVE-2019-5158
Trust: 3.4
db:TALOSid:TALOS-2019-0951
Trust: 3.0
db:CNVDid:CNVD-2020-17494
Trust: 1.0
db:CNNVDid:CNNVD-202003-631
Trust: 1.0
db:JVNDBid:JVNDB-2019-014923
Trust: 0.8
db:IVDid:7C941507-08B7-4C40-B4D8-764A333A9470
Trust: 0.2
db:IVDid:915E2601-4F27-4C9E-A600-44B986BB4E8C
Trust: 0.2
sources:
            
            
            IVD: 7c941507-08b7-4c40-b4d8-764a333a9470 // 
            
            
            
            IVD: 915e2601-4f27-4c9e-a600-44b986bb4e8c // 
            
            
            
            CNVD: CNVD-2020-17494 // 
            
            
            
            JVNDB: JVNDB-2019-014923 // 
            
            
            
            CNNVD: CNNVD-202003-631 // 
            
            
            
            NVD: CVE-2019-5158

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0951
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-5158
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5158
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-17494 // 
            
            
            
            JVNDB: JVNDB-2019-014923 // 
            
            
            
            CNNVD: CNNVD-202003-631 // 
            
            
            
            NVD: CVE-2019-5158

SOURCES
db:IVDid:7c941507-08b7-4c40-b4d8-764a333a9470
db:IVDid:915e2601-4f27-4c9e-a600-44b986bb4e8c
db:CNVDid:CNVD-2020-17494
db:JVNDBid:JVNDB-2019-014923
db:CNNVDid:CNNVD-202003-631
db:NVDid:CVE-2019-5158

LAST UPDATE DATE
2024-11-23T22:05:46.710000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-17494date:2020-03-18T00:00:00
db:JVNDBid:JVNDB-2019-014923date:2020-03-30T00:00:00
db:CNNVDid:CNNVD-202003-631date:2020-03-27T00:00:00
db:NVDid:CVE-2019-5158date:2024-11-21T04:44:27.677

SOURCES RELEASE DATE
db:IVDid:7c941507-08b7-4c40-b4d8-764a333a9470date:2020-03-11T00:00:00
db:IVDid:915e2601-4f27-4c9e-a600-44b986bb4e8cdate:2020-03-11T00:00:00
db:CNVDid:CNVD-2020-17494date:2020-03-18T00:00:00
db:JVNDBid:JVNDB-2019-014923date:2020-03-30T00:00:00
db:CNNVDid:CNNVD-202003-631date:2020-03-11T00:00:00
db:NVDid:CVE-2019-5158date:2020-03-11T22:27:40.957