CVE-2019-5158

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wago:e\!cockpit:1.6.1.5:*:*:*:*:*:*:*

History

21 Nov 2024, 04:44

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951 - Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951 - Third Party Advisory

Information

Published : 2020-03-11 22:27

Updated : 2024-11-21 04:44


NVD link : CVE-2019-5158

Mitre link : CVE-2019-5158

CVE.ORG link : CVE-2019-5158


JSON object : View

Products Affected

wago

  • e\!cockpit
CWE
CWE-798

Use of Hard-coded Credentials