Multiple vulnerabilities in WAGO e!COCKPIT



Published: 2020-03-18
Risk: High
Patch available: No
Number of vulnerabilities: 4
CVE-ID: CVE-2019-5158, CVE-2019-5107, CVE-2019-5106, CVE-2019-5159
CWE-ID: CWE-20, CWE-319, CWE-327, CWE-73
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: WAGO e!COCKPIT (Client/Desktop applications / Other client software)
Vendor: WAGO

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU26167

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-5158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to downgrade the firmware.

The vulnerability exists due to insufficient validation of user-supplied input in the firmware update package functionality. A remote attacker can use a specially crafted firmware update file to trick a victim into installing an older firmware version while the victim believes a newer firmware version is being installed.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

WAGO e!COCKPIT: 1.6.1.5

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2019-0951


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU26166

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-5107

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker able to intercept network traffic can gain access to sensitive data.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

WAGO e!COCKPIT: 1.5.1.1

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2019-0899


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU26165

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-5106

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to sensitive information on the target system.

The vulnerability exists because the affected products use a weak cryptographic algorithm in the authentication functionality. A local attacker with access to communications between e!COCKPIT and the CODESYS Gateway can recover, in plain text, the password of any user attempting to log in.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

WAGO e!COCKPIT: 1.5.1.1

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2019-0898


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) External Control of File Name or Path

EUVDB-ID: #VU26164

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-5159

CWE-ID: CWE-73 - External Control of File Name or Path

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists because the affected software allows external input to control paths or file names that are used in filesystem operations. A remote attacker can create a specially crafted firmware update package file using any zip utility and trick a victim into initiating a firmware update through e!COCKPIT and choosing the malicious "wup" file in the file browser.

Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
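
Until a fix is available, update packages can be inspected before they are opened in e!COCKPIT. The following Python is an added example, not code from WAGO, Talos or this bulletin: it assumes the "wup" package is readable as a standard zip archive (the bulletin says it can be built with any zip utility) and that risky paths appear as archive entry names; the function names and sample entries are constructed for illustration.

```python
import io
import re
import zipfile

# A Windows drive prefix such as "C:" makes an entry name absolute.
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def unsafe_entries(package: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for entries that could resolve
    outside the directory the package is extracted into."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            # Windows accepts both separators, so compare on one form.
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or DRIVE_PREFIX.match(name):
                findings.append((info.filename, "absolute path"))
            elif ".." in name.split("/"):
                findings.append((info.filename, "parent-directory component"))
    return findings


def build_sample_package() -> bytes:
    """Constructed sample archive: one ordinary entry, three suspicious ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("firmware/image.bin", b"constructed")
        zf.writestr("../../outside.txt", b"constructed")
        zf.writestr("C:\\Temp\\outside.dll", b"constructed")
        zf.writestr("/abs/outside.cfg", b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in unsafe_entries(build_sample_package()):
        print(f"REJECT {entry!r}: {reason}")
```

A package that produces any finding should not be selected in the firmware update dialog; an empty result only means the entry names are confined, not that the firmware itself is authentic or current.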

Vulnerable software versions

WAGO e!COCKPIT: 1.6.0.7

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2019-0952


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


