Lucene search

[email protected]CVE-2023-1698

HistoryMay 15, 2023 - 9:15 a.m.

CVE-2023-1698

2023-05-1509:15:09

CWE-78

[email protected]

web.nvd.nist.gov

wago

vulnerability

unauthenticated

remote attacker

user creation

device configuration

denial of service

system compromise

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.913 High

EPSS

Percentile

98.9%

JSON

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

Affected configurations

NVD

Node

wagocompact_controller_100_firmwareRange20–23

AND

wagocompact_controller_100Match-

Node

wagoedge_controller_firmwareMatch22

AND

wagoedge_controllerMatch-

Node

wagopfc100_firmwareRange20–23

AND

wagopfc100Match-

Node

wagopfc200_firmwareRange20–23

AND

wagopfc200Match-

Node

wagotouch_panel_600_advanced_firmwareMatch22-

AND

wagotouch_panel_600_advancedMatch-

Node

wagotouch_panel_600_marine_firmwareMatch22-

AND

wagotouch_panel_600_marineMatch-

Node

wagotouch_panel_600_standard_firmwareMatch22-

AND

wagotouch_panel_600_standardMatch-

CPENameOperatorVersion
wago:compact_controller_100_firmwarewago compact controller 100 firmwarele23

CPE	Name	Operator	Version
wago:compact_controller_100_firmware	wago compact controller 100 firmware	le	23

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Compact Controller CC100",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22",
        "status": "affected",
        "version": "FW20",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "FW23"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge Controller",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW22"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC100",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22",
        "status": "affected",
        "version": "FW20",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "FW23"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22",
        "status": "affected",
        "version": "FW20",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "FW23"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Advanced Line",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW22"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Marine Line",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW22"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Standard Line",
    "vendor": "WAGO",
    "versions": [
      {
        "status": "affected",
        "version": "FW22"
      }
    ]
  }
]