CVE-2019-5160 (GCVE-0-2019-5160)

Vulnerability from cvelistv5 – Published: 2020-03-10 22:35 – Updated: 2024-08-04 19:47
VLAI?
Summary
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.
Severity ?
No CVSS data available.
CWE
  • improper access control
Assigner
References
Impacted products
Vendor Product Version
Wago WAGO PFC200 Firmware Affected: version 03.02.02(14)
Affected: version 03.01.07(13)
Affected: version 03.00.39(12)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:56.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WAGO PFC200 Firmware",
          "vendor": "Wago",
          "versions": [
            {
              "status": "affected",
              "version": "version 03.02.02(14)"
            },
            {
              "status": "affected",
              "version": "version 03.01.07(13)"
            },
            {
              "status": "affected",
              "version": "version 03.00.39(12)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T22:35:44",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WAGO PFC200 Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 03.02.02(14)"
                          },
                          {
                            "version_value": "version 03.01.07(13)"
                          },
                          {
                            "version_value": "version 03.00.39(12)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wago"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "improper access control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5160",
    "datePublished": "2020-03-10T22:35:44",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:47:56.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"634EB95B-254B-4310-9192-5EE98F915CC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:03.01.07\\\\(13\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDEB63D9-EE1C-4005-B04C-7C9BBD746402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:03.02.02\\\\(14\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6274B67D-C65B-4834-9DB5-6FB3D0ADD3A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de comprobaci\\u00f3n de host inapropiada explotable en la funcionalidad Cloud Connectivity de WAGO PFC200 en las versiones de Firmware 03.02.02(14), 03.01.07(13) y 03.00.39(12). Una petici\\u00f3n POST HTTPS especialmente dise\\u00f1ada puede causar que el software se conecte a un host no autorizado, resultando en un acceso no autorizado a la funcionalidad de actualizaci\\u00f3n de firmware. Un atacante puede enviar una petici\\u00f3n POST HTTPS autenticada para dirigir el software Cloud Connectivity para que se conecte a un nodo de Azure IoT Hub controlado por el atacante.\"}]",
      "id": "CVE-2019-5160",
      "lastModified": "2024-11-21T04:44:27.900",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-11T22:27:41.097",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5160\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2020-03-11T22:27:41.097\",\"lastModified\":\"2024-11-21T04:44:27.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de comprobaci\u00f3n de host inapropiada explotable en la funcionalidad Cloud Connectivity de WAGO PFC200 en las versiones de Firmware 03.02.02(14), 03.01.07(13) y 03.00.39(12). Una petici\u00f3n POST HTTPS especialmente dise\u00f1ada puede causar que el software se conecte a un host no autorizado, resultando en un acceso no autorizado a la funcionalidad de actualizaci\u00f3n de firmware. Un atacante puede enviar una petici\u00f3n POST HTTPS autenticada para dirigir el software Cloud Connectivity para que se conecte a un nodo de Azure IoT Hub controlado por el atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:03.00.39\\\\(12\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634EB95B-254B-4310-9192-5EE98F915CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:03.01.07\\\\(13\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEB63D9-EE1C-4005-B04C-7C9BBD746402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:03.02.02\\\\(14\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6274B67D-C65B-4834-9DB5-6FB3D0ADD3A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.