CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

Published: May 15, 2023
Updated: May 16, 2023
CVE: CVE-2023-1698
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
wago / compact_controller_100_firmware	20	23.x
wago / edge_controller_firmware	22	22.x
wago / pfc100_firmware	20	23.x
wago / pfc200_firmware	20	23.x
wago / touch_panel_600_advanced_firmware	22	22.x
wago / touch_panel_600_marine_firmware	22	22.x
wago / touch_panel_600_standard_firmware	22	22.x

https://cert.vde.com/en/advisories/VDE-2023-007/

Vulnerability Database

289,782

CVE-2023-1698