How severe is CVE-2019-5159?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-5159?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2019-5159 - HIGH Severity | CVSS 7.8

Vulnerability Description

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.

Related Vulnerabilities

CVE-2014-0023

HIGH

CVSS:7.8(High)

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

CWE-6682014

CVE-2017-8185

HIGH

CVSS:7.8(High)

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing ...

CWE-6682017

CVE-2018-10361

HIGH

CVSS:7.8(High)

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow...

CWE-6682018

CVE-2018-15591

HIGH

CVSS:7.8(High)

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by lev...

CWE-6682018

CVE-2019-15341

HIGH

CVSS:7.8(High)

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com...

CWE-6682019

CVE-2019-15345

HIGH

CVSS:7.8(High)

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovel...

CWE-6682019