Improper Input Validation in WAGO e!COCKPIT Automation Software
CVE-2019-5159
7.8 HIGH
What is CVE-2019-5159?
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software version 1.6.0.7. This vulnerability allows an attacker to leverage a specially crafted firmware update file to write arbitrary files to arbitrary locations on WAGO controllers during the update process. This could potentially lead to code execution if an attacker creates a malicious firmware update package and the user unwittingly selects this package when initiating a firmware update through the e!COCKPIT interface.
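The missing control described above is a check on where each file in an update package will be written. The following is an added example, not WAGO's code and not taken from the advisory, of a destination check an update client could run before writing anything. The manifest layout, the staging directory and all function names are assumptions made for illustration.

```python
import posixpath

# Hypothetical policy: the only directory tree an update may write into.
STAGING_ROOT = "/home/update/staging"


def resolve_destination(dest, base=STAGING_ROOT):
    """Return the normalized absolute path an entry would be written to."""
    # Treat backslashes as separators so a package authored on Windows
    # cannot hide traversal from a POSIX-only check.
    dest = dest.replace("\\", "/")
    # join() discards base when dest is absolute, so absolute paths are
    # evaluated as themselves; normpath() collapses "." and "..".
    return posixpath.normpath(posixpath.join(base, dest))


def is_allowed(dest, root=STAGING_ROOT):
    """True only if dest resolves to a path inside root."""
    if not dest or "\x00" in dest:
        return False
    target = resolve_destination(dest, root)
    # Compare against root plus a trailing slash: a bare startswith(root)
    # would also accept sibling directories such as "<root>-other".
    return target.startswith(root.rstrip("/") + "/")


def audit_manifest(destinations):
    """Split destination paths into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for dest in destinations:
        (accepted if is_allowed(dest) else rejected).append(dest)
    return accepted, rejected


# Constructed sample manifest entries (not from a real package).
SAMPLE_MANIFEST = [
    "firmware/rootfs.img",
    "firmware/./kernel.bin",
    "../../etc/example.conf",
    "/etc/example.conf",
    "firmware\\..\\..\\..\\etc\\example.conf",
    "firmware/../../staging-other/file.bin",
]

if __name__ == "__main__":
    ok, bad = audit_manifest(SAMPLE_MANIFEST)
    print("accepted:", ok)
    print("rejected:", bad)
```

A client should refuse the whole package if any entry is rejected, rather than skipping the bad entries and installing the rest.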
Affected Version(s)
WAGO e!COCKPIT 1.6.0.7