CVE-2019-5160 - OpenCVE

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	Pfc200 Pfc200 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:wago:pfc200_firmware:03.00.39\(12\):::::::*
	cpe:2.3:o:wago:pfc200_firmware:03.01.07\(13\):::::::*
	cpe:2.3:o:wago:pfc200_firmware:03.02.02\(14\):::::::*

cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-03-10T22:35:44

Updated: 2024-08-04T19:47:56.585Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5160

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-11T22:27:41.097

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-5160

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WAGO PFC200 Firmware", "vendor": "Wago", "versions": [{"status": "affected", "version": "version 03.02.02(14)"}, {"status": "affected", "version": "version 03.01.07(13)"}, {"status": "affected", "version": "version 03.00.39(12)"}]}], "descriptions": [{"lang": "en", "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node."}], "problemTypes": [{"descriptions": [{"description": "improper access control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T22:35:44", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WAGO PFC200 Firmware", "version": {"version_data": [{"version_value": "version 03.02.02(14)"}, {"version_value": "version 03.01.07(13)"}, {"version_value": "version 03.00.39(12)"}]}}]}, "vendor_name": "Wago"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "improper access control"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.585Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5160", "datePublished": "2020-03-10T22:35:44", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.585Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc200_firmware:03.00.39\\(12\\):*:*:*:*:*:*:*", "matchCriteriaId": "634EB95B-254B-4310-9192-5EE98F915CC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:wago:pfc200_firmware:03.01.07\\(13\\):*:*:*:*:*:*:*", "matchCriteriaId": "EDEB63D9-EE1C-4005-B04C-7C9BBD746402", "vulnerable": true}, {"criteria": "cpe:2.3:o:wago:pfc200_firmware:03.02.02\\(14\\):*:*:*:*:*:*:*", "matchCriteriaId": "6274B67D-C65B-4834-9DB5-6FB3D0ADD3A9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node."}, {"lang": "es", "value": "Existe una vulnerabilidad de comprobaci\u00f3n de host inapropiada explotable en la funcionalidad Cloud Connectivity de WAGO PFC200 en las versiones de Firmware 03.02.02(14), 03.01.07(13) y 03.00.39(12). Una petici\u00f3n POST HTTPS especialmente dise\u00f1ada puede causar que el software se conecte a un host no autorizado, resultando en un acceso no autorizado a la funcionalidad de actualizaci\u00f3n de firmware. Un atacante puede enviar una petici\u00f3n POST HTTPS autenticada para dirigir el software Cloud Connectivity para que se conecte a un nodo de Azure IoT Hub controlado por el atacante."}], "id": "CVE-2019-5160", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T22:27:41.097", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}