WAGO e!Cockpit Network Communication Plaintext Transfer Vulnerability

Cockpit is an interactive server management interface. A network communications plaintext transfer vulnerability exists in WAGO e!Cockpit, which can be exploited by an attacker to intercept, interpret, and manipulate data from or to e...

WAGO e!COCKPIT File Path Input Validation Error Vulnerability

WAGO e!COCKPIT is a set of integrated development environment software from the German company WAGO. The software is mainly used for hardware configuration, programming and simulation. A security vulnerability exists in the firmware update function of WAGO e!COCKPIT v1.6.0.7, which is caused by...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2019-5158

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware versio...

CVE-2019-5107

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...

CVE-2019-5158

WAGO e!COCKPIT firmware downgrade vulnerability (CVE-2019-5158) affects WAGO e!COCKPIT automation software and its firmware update mechanism. A crafted WUP (firmware update package) can bypass integrity by manipulating the package-info.xml metadata (e.g., Revision/ReleaseIndex) inside the unsigne...