WAGO e!Cockpit authentication hard-coded encryption key vulnerability

Summary

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.

Tested Versions

WAGO e!Cockpit 1.5.1.1

Product URLs

<https://www.wago.com/us/ecockpit-engineering-software&gt;

CVSSv3 Score

6.2 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Details

e!Cockpit is programming software provided by WAGO for working with various product lines produced by WAGO. This software is used to write IEC-61131-3 specified language which can then be compiled for a programmable logic controller to run. This software is required to be able to communicate with these devices, and it can be found in any industrial controller environment.

The hard coded 32-byte key is used to XOR the plaintext password, with a four-byte challenge that is incorrectly implemented. This four-byte challenge is included in all authentication packets, and due to a coding error, is reduced to a single byte perturbance every four bytes within the password. Any authentication packet that is captured can easily be used to recover the plaintext password of the user.

if (this._dwChallenge != 0u && this._cryptType == CryptType.XOR)
{
     int num = 0;
     int num2 = 0;
     char[] array = "zeDR96EfU#27vuph7Thub?phaDr*rUbR".ToCharArray();
     char[] array2 = this._stPassword.ToCharArray();
     uint num3 = (uint)(array2.Length + 1);
     if (num3 < 32u)
     {
          num3 = 32u;
     }
     if (num3 % 4u != 0u)
     {
          num3 += 4u - num3 % 4u;
     }
     byte[] array3 = new byte[num3];
     char[] array4 = new char[]
     {
          (char)(this._dwChallenge & 255u),
          (char)(this._dwChallenge << 8 & 65280u),
          (char)(this._dwChallenge << 16 & 16711680u),
          (char)(this._dwChallenge << 24 & 4278190080u)
     };
     int num4 = 0;
     while ((long)num4 < (long)((ulong)num3))
     {
          char c = array[num];
          char c2 = '\0';
          if (num4 < array2.Length)
          {
               c2 = array2[num4];
          }
          array3[num4] = (byte)(c2 ^ c + array4[num2]);
          num++;
          if (num == array.Length)
          {
               num = 0;
          }
          num2++;
          if (num2 == 4)
          {
               num2 = 0;
          }
          num4++;
     }
     complexNodeWriter.AddDataTag(17, ContentAlignment.Align40).Write(array3);
}

Timeline

2019-09-19 - Vendor Disclosure
2019-10-31 - Vendor passed to CERT@VDE for coordination/handling
2019-12-16 - Disclosure deadline extended
2020-01-28 - Talos discussion about vulnerabilities with Vendor
2020-03-09 - Public Release