CVE-2019-5158

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talosCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
wagoe\!cockpit
1.6.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951