An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
[
  {
    "product": "WAGO e!COCKPIT",
    "vendor": "Wago",
    "versions": [
      {
        "status": "affected",
        "version": "1.6.1.5"
      }
    ]
  }
]