An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2020-03-10T23:14:27
Updated: 2020-03-10T23:14:27
Reserved: 2019-01-04T00:00:00
Link: CVE-2019-5158
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-11T22:27:40.957
Modified: 2020-03-17T15:37:11.750
Link: CVE-2019-5158
JSON object: View
Redhat Information
No data.
CWE