PT-2020-11066 · Wago · E!Cockpit+1

Published

2020-03-10

Updated

2021-07-21

CVE-2019-5106

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WAGO e!Cockpit version 1.5.1.1

Description A hard-coded encryption key vulnerability exists in the authentication functionality. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can recover the password of any user attempting to log in, in plain text.

Recommendations For WAGO e!Cockpit version 1.5.1.1, consider restricting access to the authentication functionality until a patch is available. As a temporary workaround, limit the communication between e!Cockpit and CoDeSyS Gateway to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2019-5106

Affected Products

Codesys Gateway

E!Cockpit

PT-2020-11066 · Wago · E!Cockpit+1

CVE-2019-5106

Weakness Enumeration

Related Identifiers

Affected Products

References · 4