Wago: >> E!cockpit >> 1.5.1.1 Security Vulnerabilities
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-03-11
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-11