CVE-2019-5106
First published: Tue Mar 10 2020(Updated: )
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wago E!cockpit | =1.5.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5106?
CVE-2019-5106 is considered a critical vulnerability due to the ease with which the hard-coded encryption key can be exploited to expose user passwords.
How do I fix CVE-2019-5106?
To mitigate CVE-2019-5106, update WAGO e!Cockpit to a version where the hard-coded encryption key issue has been addressed.
What are the risks associated with CVE-2019-5106?
The risks include unauthorized access to user accounts and potential control over devices that rely on WAGO e!Cockpit for operations.
Who is affected by CVE-2019-5106?
Organizations using WAGO e!Cockpit version 1.5.1.1 are affected by CVE-2019-5106 due to the vulnerability in the authentication process.
Can CVE-2019-5106 be exploited remotely?
Yes, CVE-2019-5106 can potentially be exploited remotely if an attacker has access to communications between e!Cockpit and CoDeSyS Gateway.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wago
- canonical/wago e!cockpit
- version/wago e!cockpit/1.5.1.1