CVE-2019-5107 - OpenCVE

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wago	E\!cockpit

Configuration 1 [-]

cpe:2.3:a:wago:e\!cockpit:1.5.1.1:*:*:*:*:*:*:*

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2020-03-10T23:41:29

Updated: 2020-03-10T23:41:29

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5107

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-11T22:27:39.613

Modified: 2020-03-13T21:51:20.887

Link: CVE-2019-5107

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"containers": {"cna": {"affected": [{"product": "WAGO e!Cockpit", "vendor": "Wago", "versions": [{"status": "affected", "version": "1.5.1.1"}]}], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}], "problemTypes": [{"descriptions": [{"description": "Cleartext Transmission of Sensitive Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T23:41:29", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO e!Cockpit", "version": {"version_data": [{"version_value": "1.5.1.1"}]}}]}, "vendor_name": "Wago"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5107", "datePublished": "2020-03-10T23:41:29", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2020-03-10T23:41:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wago:e\\!cockpit:1.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F4B6453-0681-42AF-A16F-B3A7AB3ADAD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}, {"lang": "es", "value": "Existe una vulnerabilidad de transmisi\u00f3n en texto sin cifrar en la funcionalidad de comunicaci\u00f3n de red de WAGO e!Cockpit versi\u00f3n 1.5.1.1. Un atacante con acceso al tr\u00e1fico de red puede interceptar, interpretar y manipular f\u00e1cilmente los datos que provienen de e!Cockpit. Esto incluye contrase\u00f1as, configuraciones y archivos binarios que est\u00e1n siendo transferidos hacia los endpoints."}], "id": "CVE-2019-5107", "lastModified": "2020-03-13T21:51:20.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T22:27:39.613", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}