CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5158
https://notcve.org/view.php?id=CVE-2019-5158
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. Existe una vulnerabilidad de degradación de firmware explotable en la funcionalidad de paquete de actualización de firmware del software de automatización WAGO e! • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951 • CWE-798: Use of Hard-coded Credentials •