CVE-2019-5107: 
WAGO e!COCKPIT vulnerability analysis and mitigation

A cleartext transmission vulnerability (CVE-2019-5107) was discovered in WAGO e!Cockpit version 1.5.1.1's network communication functionality. The vulnerability was discovered by Carl Hurd of Cisco Talos and publicly disclosed on March 9, 2020. The affected software, e!Cockpit, is a programming tool used for writing IEC-61131-3 specified language for programmable logic controllers (PLCs) in industrial control environments (Talos Report).

The vulnerability stems from the software's failure to implement encryption for network communications, both in local connections to the GatewayService and remote connections to PLCs. The severity is rated as HIGH with a CVSS v3.1 base score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified under CWE-319: Cleartext Transmission of Sensitive Information (NVD, Talos Report).

The vulnerability allows attackers with network access to intercept, interpret, and manipulate sensitive data transmitted between e!Cockpit and its endpoints. The exposed data includes passwords, configurations, and binaries being transferred to endpoints. This exposure could potentially compromise industrial control systems' security and operations (Talos Report).