CVE-2023-1698: WAGO: WBM Command Injection in multiple products
First published: Mon May 15 2023(Updated: )
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wago Compact Controller 100 Firmware | >=20<=23 | |
| Wago Compact Controller 100 | ||
| Wago Edge Controller Firmware | =22 | |
| Wago Edge Controller | ||
| WAGO PFC100 Firmware | >=20<=23 | |
| WAGO PFC100 | ||
| WAGO PFC200 Firmware | >=20<=23 | |
| WAGO PFC200 | ||
| Wago Touch Panel 600 Advanced Firmware | =22 | |
| Wago Touch Panel 600 Advanced | ||
| Wago Touch Panel 600 Marine Firmware | =22 | |
| Wago Touch Panel 600 Marine | ||
| Wago Touch Panel 600 Standard Firmware | =22 | |
| Wago Touch Panel 600 Standard |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-1698?
CVE-2023-1698 refers to a vulnerability found in multiple products of WAGO, allowing an unauthenticated remote attacker to create new users and change device configuration, resulting in unintended behavior, denial of service, and full system compromise.
Which products are affected by CVE-2023-1698?
The vulnerability affects multiple products of WAGO, including Compact Controller 100 Firmware (versions 20 to 23), PFC100 Firmware (versions 20 to 23), PFC200 Firmware (versions 20 to 23), Touch Panel 600 Advanced Firmware (version 22), Touch Panel 600 Marine Firmware (version 22), and Touch Panel 600 Standard Firmware (version 22).
What is the severity of CVE-2023-1698?
The severity of CVE-2023-1698 is rated as critical, with a severity value of 9.8.
How can an attacker exploit CVE-2023-1698?
An unauthenticated remote attacker can exploit CVE-2023-1698 by creating new users and changing device configuration, leading to unintended behavior, denial of service, and potential full system compromise.
Is there a fix for CVE-2023-1698?
At the moment, there is no available fix for CVE-2023-1698. It is advised to follow the recommendations provided by WAGO and monitor for updates from the vendor.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/wago
- canonical/wago compact controller 100 firmware
- version/wago compact controller 100 firmware/20
- version/wago compact controller 100 firmware/23
- canonical/wago compact controller 100
- canonical/wago edge controller firmware
- version/wago edge controller firmware/22
- canonical/wago edge controller
- canonical/wago pfc100 firmware
- version/wago pfc100 firmware/20
- version/wago pfc100 firmware/23
- canonical/wago pfc100
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/20
- version/wago pfc200 firmware/23
- canonical/wago pfc200
- canonical/wago touch panel 600 advanced firmware
- version/wago touch panel 600 advanced firmware/22
- canonical/wago touch panel 600 advanced
- canonical/wago touch panel 600 marine firmware
- version/wago touch panel 600 marine firmware/22
- canonical/wago touch panel 600 marine
- canonical/wago touch panel 600 standard firmware
- version/wago touch panel 600 standard firmware/22
- canonical/wago touch panel 600 standard