Описание
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wago:e\!cockpit:1.5.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798
Связанные уязвимости
github
больше 3 лет назад
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
EPSS
Процентиль: 20%
0.00063
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798