CVE-2019-5159 - Vulnerability Details - OpenCVE

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	E\!cockpit

Configuration 1 [-]

cpe:2.3:a:wago:e\!cockpit:1.6.0.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-03-10T22:35:47

Updated: 2024-08-04T19:47:56.607Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5159

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-11T22:27:41.020

Modified: 2024-11-21T04:44:27.793

Link: CVE-2019-5159

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WAGO e!COCKPIT", "vendor": "Wago", "versions": [{"status": "affected", "version": "1.6.0.7"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}], "problemTypes": [{"descriptions": [{"description": "improper input validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T22:35:47", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO e!COCKPIT", "version": {"version_data": [{"version_value": "1.6.0.7"}]}}]}, "vendor_name": "Wago"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "improper input validation"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.607Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5159", "datePublished": "2020-03-10T22:35:47", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wago:e\\!cockpit:1.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CDB90F2D-8811-4B6E-B54D-896E56A03D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada explotable en la funcionalidad de actualizaci\u00f3n de firmware del software de automatizaci\u00f3n WAGO e!COCKPIT versi\u00f3n v1.6.0.7. Un archivo de actualizaci\u00f3n de firmware especialmente dise\u00f1ado puede permitir a un atacante escribir archivos arbitrarios en ubicaciones arbitrarias en los controladores WAGO como parte de la ejecuci\u00f3n de una actualizaci\u00f3n de firmware, resultando potencialmente en una ejecuci\u00f3n de c\u00f3digo. Un atacante puede crear un archivo de paquete de actualizaci\u00f3n de firmware malicioso utilizando cualquier utilidad zip. El usuario debe iniciar una actualizaci\u00f3n de firmware por medio de e!COCKPIT y elegir el archivo wup malicioso usando el navegador de archivos para desencadenar la vulnerabilidad."}], "id": "CVE-2019-5159", "lastModified": "2024-11-21T04:44:27.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T22:27:41.020", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}