SB2020031812 - Multiple vulnerabilities in WAGO e!COCKPIT
Published: March 18, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-5158)
The vulnerability allows a remote attacker to downgrade the firmware.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware update package functionality. A remote attacker can use a specially crafted firmware update file and trick a victim into installing an older firmware version while the victim believes a newer firmware version is being installed.
2) Cleartext transmission of sensitive information (CVE-ID: CVE-2019-5107)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2019-5106)
The vulnerability allows a local attacker to gain access to sensitive information on the target system.
The vulnerability exists because the affected products use a weak cryptographic algorithm in the authentication functionality. A local attacker with access to communications between e!Cockpit and CoDeSyS Gateway can recover, in plain text, the password of any user attempting to log in.
4) External Control of File Name or Path (CVE-ID: CVE-2019-5159)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the affected software allows external input to control paths or file names that are used in filesystem operations. A remote attacker can create a specially crafted firmware update package file using any zip utility, then trick a victim into initiating a firmware update through e!COCKPIT and choosing the malicious "wup" file using the file browser.
Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the target system.
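A pre-extraction check for the file name and path issue in item 4, shown as an added example that is not part of this bulletin or the vendor's code: it lists archive members whose names would resolve outside the extraction directory. It assumes only that the update package is a zip archive, as the bulletin states; the function names and the sample member names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath


def escapes_root(name):
    """True if an archive member name would resolve outside the extraction directory."""
    # The tool runs on Windows, so treat "\" as a separator and reject drive/UNC prefixes.
    normalized = name.replace("\\", "/")
    if normalized.startswith("/") or PureWindowsPath(name).drive:
        return True
    depth = 0
    for part in normalized.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:  # climbed above the extraction root
            return True
    return False


def unsafe_entries(package_bytes):
    """List member names in a zip-format package that must not be extracted."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(i.filename)]


def build_sample_package():
    """Constructed sample: an in-memory zip with benign and out-of-root member names."""
    names = [
        "firmware/image.bin",
        "firmware/./config/settings.xml",
        "../../outside-root.txt",
        "firmware/../../outside-root-2.txt",
        "C:\\Temp\\absolute.txt",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_entries(build_sample_package()):
        print("reject:", name)
```

A package with any flagged member should be rejected as a whole rather than extracted with the flagged members skipped.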
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.