CVE-2019-5159 - OpenCVE

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wago	E\!cockpit

Configuration 1 [-]

cpe:2.3:a:wago:e\!cockpit:1.6.0.7:*:*:*:*:*:*:*

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2020-03-10T22:35:47

Updated: 2020-03-10T22:35:47

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5159

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-11T22:27:41.020

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-5159

JSON object: View

Redhat Information

No data.

CWE

CWE-668

{"containers": {"cna": {"affected": [{"product": "WAGO e!COCKPIT", "vendor": "Wago", "versions": [{"status": "affected", "version": "1.6.0.7"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}], "problemTypes": [{"descriptions": [{"description": "improper input validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T22:35:47", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO e!COCKPIT", "version": {"version_data": [{"version_value": "1.6.0.7"}]}}]}, "vendor_name": "Wago"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "improper input validation"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5159", "datePublished": "2020-03-10T22:35:47", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2020-03-10T22:35:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wago:e\\!cockpit:1.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CDB90F2D-8811-4B6E-B54D-896E56A03D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada explotable en la funcionalidad de actualizaci\u00f3n de firmware del software de automatizaci\u00f3n WAGO e!COCKPIT versi\u00f3n v1.6.0.7. Un archivo de actualizaci\u00f3n de firmware especialmente dise\u00f1ado puede permitir a un atacante escribir archivos arbitrarios en ubicaciones arbitrarias en los controladores WAGO como parte de la ejecuci\u00f3n de una actualizaci\u00f3n de firmware, resultando potencialmente en una ejecuci\u00f3n de c\u00f3digo. Un atacante puede crear un archivo de paquete de actualizaci\u00f3n de firmware malicioso utilizando cualquier utilidad zip. El usuario debe iniciar una actualizaci\u00f3n de firmware por medio de e!COCKPIT y elegir el archivo wup malicioso usando el navegador de archivos para desencadenar la vulnerabilidad."}], "id": "CVE-2019-5159", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T22:27:41.020", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}