In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-007/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
26 May 2023, 17:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-007/ - Third Party Advisory | |
First Time |
Wago compact Controller 100
Wago touch Panel 600 Marine Firmware Wago pfc200 Firmware Wago touch Panel 600 Advanced Wago touch Panel 600 Standard Wago edge Controller Wago touch Panel 600 Standard Firmware Wago pfc200 Wago pfc100 Wago touch Panel 600 Marine Wago edge Controller Firmware Wago compact Controller 100 Firmware Wago touch Panel 600 Advanced Firmware Wago Wago pfc100 Firmware |
|
CPE | cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* |
15 May 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-15 09:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1698
Mitre link : CVE-2023-1698
CVE.ORG link : CVE-2023-1698
JSON object : View
Products Affected
wago
- pfc100
- edge_controller
- touch_panel_600_advanced_firmware
- touch_panel_600_marine_firmware
- touch_panel_600_marine
- pfc100_firmware
- touch_panel_600_standard_firmware
- pfc200_firmware
- compact_controller_100
- touch_panel_600_standard
- pfc200
- edge_controller_firmware
- touch_panel_600_advanced
- compact_controller_100_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')