CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wago:e\!cockpit:1.6.0.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-11 22:27

Updated : 2024-02-04 20:39

NVD link : CVE-2019-5159

Mitre link : CVE-2019-5159

CVE.ORG link : CVE-2019-5159

JSON object : View

Products Affected

wago

e\!cockpit

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2019-5159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-03-11T22:27:41.020", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada explotable en la funcionalidad de actualizaci\u00f3n de firmware del software de automatizaci\u00f3n WAGO e!COCKPIT versi\u00f3n v1.6.0.7. Un archivo de actualizaci\u00f3n de firmware especialmente dise\u00f1ado puede permitir a un atacante escribir archivos arbitrarios en ubicaciones arbitrarias en los controladores WAGO como parte de la ejecuci\u00f3n de una actualizaci\u00f3n de firmware, resultando potencialmente en una ejecuci\u00f3n de c\u00f3digo. Un atacante puede crear un archivo de paquete de actualizaci\u00f3n de firmware malicioso utilizando cualquier utilidad zip. El usuario debe iniciar una actualizaci\u00f3n de firmware por medio de e!COCKPIT y elegir el archivo wup malicioso usando el navegador de archivos para desencadenar la vulnerabilidad."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wago:e\\!cockpit:1.6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB90F2D-8811-4B6E-B54D-896E56A03D4E"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}