CVE-2019-5106 Vulnerability Details

  /     /     /  

CVE-2019-5106 Metadata Quick Info

CVE Published: 10/03/2020 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: talos | Vendor: Wago | Product: WAGO e!Cockpit
Status : PUBLISHED

---

CVE-2019-5106 Description

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Use of a Broken or Risky Cryptographic Algorithm
Source: Wago

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).