CVE-2019-5158— WAGO e!COCKPIT 信任管理问题漏洞

N/A

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.

N/A

N/A

WAGO e!COCKPIT 信任管理问题漏洞

WAGO e!COCKPIT是德国WAGO公司的一套集成式开发环境软件。该软件主要用于硬件配置、编程和仿真等。 WAGO e!COCKPIT v1.6.1.5版本中的固件更新包功能存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。

N/A

N/A