CVE-2023-5188: WAGO Improper Input Validation in IEC61850 Server / Telecontrol
First published: Tue Dec 05 2023(Updated: )
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <1.4.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5188?
CVE-2023-5188 is classified as a denial-of-service vulnerability affecting certain WagoAppRTU versions.
How do I fix CVE-2023-5188?
To mitigate CVE-2023-5188, upgrade WagoAppRTU to version 1.4.6.0 or later.
What software is affected by CVE-2023-5188?
CVE-2023-5188 affects WAGO Telecontrol Configurator and WagoAppRTU versions below 1.4.6.0.
What kind of attack does CVE-2023-5188 enable?
CVE-2023-5188 allows a remote unauthenticated attacker to send malformed packets that can cause a denial-of-service condition.
Is remote access required for CVE-2023-5188 exploitation?
Yes, an attacker needs remote access to exploit CVE-2023-5188 by sending crafted packets to the vulnerable application.
- collector/nvd-api
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/source
- vendor/wago