CVE-2019-5107 - OpenCVE

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	E\!cockpit

Configuration 1 [-]

cpe:2.3:a:wago:e\!cockpit:1.5.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-03-10T23:41:29

Updated: 2024-08-04T19:47:56.719Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5107

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-11T22:27:39.613

Modified: 2020-03-13T21:51:20.887

Link: CVE-2019-5107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WAGO e!Cockpit", "vendor": "Wago", "versions": [{"status": "affected", "version": "1.5.1.1"}]}], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}], "problemTypes": [{"descriptions": [{"description": "Cleartext Transmission of Sensitive Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T23:41:29", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO e!Cockpit", "version": {"version_data": [{"version_value": "1.5.1.1"}]}}]}, "vendor_name": "Wago"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.719Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5107", "datePublished": "2020-03-10T23:41:29", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.719Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wago:e\\!cockpit:1.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F4B6453-0681-42AF-A16F-B3A7AB3ADAD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints."}, {"lang": "es", "value": "Existe una vulnerabilidad de transmisi\u00f3n en texto sin cifrar en la funcionalidad de comunicaci\u00f3n de red de WAGO e!Cockpit versi\u00f3n 1.5.1.1. Un atacante con acceso al tr\u00e1fico de red puede interceptar, interpretar y manipular f\u00e1cilmente los datos que provienen de e!Cockpit. Esto incluye contrase\u00f1as, configuraciones y archivos binarios que est\u00e1n siendo transferidos hacia los endpoints."}], "id": "CVE-2019-5107", "lastModified": "2020-03-13T21:51:20.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T22:27:39.613", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}