CVE-2019-5106
https://notcve.org/view.php?id=CVE-2019-5106
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. existe una vulnerabilidad de clave de cifrado embebida en la funcionalidad de autenticación de WAGO e!Cockpit versión 1.5.1.1. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898 • CWE-798: Use of Hard-coded Credentials •
CVE-2019-5107
https://notcve.org/view.php?id=CVE-2019-5107
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899 • CWE-319: Cleartext Transmission of Sensitive Information •