2 matches found
CVE-2019-5158
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware versio...
CVE-2019-5158
WAGO e!COCKPIT firmware downgrade vulnerability (CVE-2019-5158) affects WAGO e!COCKPIT automation software and its firmware update mechanism. A crafted WUP (firmware update package) can bypass integrity by manipulating the package-info.xml metadata (e.g., Revision/ReleaseIndex) inside the unsigne...