WAGO e!Cockpit network communication cleartext transmission vulnerability

Summary

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.

Tested Versions

WAGO e!Cockpit 1.5.1.1

Product URLs

<https://www.wago.com/us/ecockpit-engineering-software&gt;

CVSSv3 Score

7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-319: Cleartext Transmission of Sensitive Information

Details

e!Cockpit is programming software provided by WAGO for working with various product lines produced by WAGO. This software is used to write IEC-61131-3 specified language that can then be compiled for a programmable logic controller to run. This software is required to be able to communicate with these devices, and it can be found in any environment that you find an industrial controller.

Network traffic does not utilize encryption for any communication. Sensitive information is transferred over the network, both locally to the GatewayService, as well as remotely to the PLC itself. This allows for an attacker locally, or anywhere between the end device and the programming software to listen to manipulate or drop any information they choose to.

Timeline

2019-09-19 - Vendor Disclosure
2019-10-31 - Vendor passed to CERT@VDE for coordination/handling
2019-12-16 - Disclosure deadline extended
2020-01-28 - Talos discussion about vulnerabilities with Vendor
2020-03-09 - Public Release