Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_WAGO_CVE-2023-1698.NASL
HistoryJun 01, 2023 - 12:00 a.m.

Wago Unauthenticated command execution via Web-based-management (CVE-2023-1698)

2023-06-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
wago
unauthenticated command execution
web-based management
cve-2023-1698
vulnerability
wago products
unauthorized access
system compromise

9.6 High

AI Score

Confidence

High

0.882 High

EPSS

Percentile

98.7%

JSON

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501165);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/20");

  script_cve_id("CVE-2023-1698");

  script_name(english:"Wago Unauthenticated command execution via Web-based-management (CVE-2023-1698)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"In multiple products of WAGO a vulnerability allows an
unauthenticated, remote attacker to create new users and change the
device configuration which can result in unintended behaviour, Denial
of Service and full system compromise.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en/advisories/VDE-2023-007/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-1698");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(78);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:edge_controller_firmware:22");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:pfc100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:pfc200_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Wago");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Wago');

var asset = tenable_ot::assets::get(vendor:'Wago');

var vuln_cpes = {
    "cpe:/o:wago:edge_controller_firmware:22" :
        {"versionEndIncluding" : "fw22", "versionStartIncluding" : "fw22", "family" : "EdgeController"},
    "cpe:/o:wago:pfc100_firmware" :
        {"versionEndIncluding" : "fw22", "versionStartIncluding" : "fw20", "family" : "ControllerPFC100"},
    "cpe:/o:wago:pfc100_firmware:23" :
        {"versionEndIncluding" : "fw23", "versionStartIncluding" : "fw23", "family" : "ControllerPFC100"},
    "cpe:/o:wago:pfc200_firmware" :
        {"versionEndIncluding" : "fw22", "versionStartIncluding" : "fw20", "family" : "ControllerPFC200"},
    "cpe:/o:wago:pfc200_firmware:23" :
        {"versionEndIncluding" : "fw23", "versionStartIncluding" : "fw23", "family" : "ControllerPFC200"},
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
wagoedge_controller_firmware22cpe:/o:wago:edge_controller_firmware:22
wagopfc100_firmwarecpe:/o:wago:pfc100_firmware
wagopfc200_firmwarecpe:/o:wago:pfc200_firmware

Related

nuclei 1
nvd 1
githubexploit 3
cvelist 1
cve 1
prion 1
nuclei
nuclei
WAGO - Remote Command Execution
2023-07-30 16:41:33
nvd
nvd
CVE-2023-1698
2023-05-15 09:15:09
githubexploit
githubexploit
Exploit for OS Command Injection in Wago Compact Controller 100 Firmware
2023-10-20 12:15:39
Exploit for OS Command Injection in Wago Compact Controller 100 Firmware
2023-09-10 01:29:48
Exploit for OS Command Injection in Wago Compact Controller 100 Firmware
2023-09-15 20:06:31
cvelist
cvelist
CVE-2023-1698 WAGO: WBM Command Injection in multiple products
2023-05-15 08:51:27
cve
cve
CVE-2023-1698
2023-05-15 09:15:09
prion
prion
Design/Logic Flaw
2023-05-15 09:15:00

9.6 High

AI Score

Confidence

High

0.882 High

EPSS

Percentile

98.7%

JSON
Related for TENABLE_OT_WAGO_CVE-2023-1698.NASL
nuclei1nvd1githubexploit3cvelist1cve1prion1