PRIOn knowledge basePRION:CVE-2023-1698

HistoryMay 15, 2023 - 9:15 a.m.

Design/Logic Flaw

2023-05-1509:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

wago products

remote attacker

user creation

device configuration

system compromise

denial of service

9.3 High

AI Score

Confidence

High

0.882 High

EPSS

Percentile

98.7%

JSON

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CPENameOperatorVersion
compact_controller_100_firmwarege20
compact_controller_100_firmwarele23
edge_controller_firmwareeq22
pfc100_firmwarege20
pfc100_firmwarele23
pfc200_firmwarege20
pfc200_firmwarele23
touch_panel_600_advanced_firmwareeq22
touch_panel_600_marine_firmwareeq22
touch_panel_600_standard_firmwareeq22

Name	Operator	Version
compact_controller_100_firmware	ge	20
compact_controller_100_firmware	le	23
edge_controller_firmware	eq	22
pfc100_firmware	ge	20
pfc100_firmware	le	23
pfc200_firmware	ge	20
pfc200_firmware	le	23
touch_panel_600_advanced_firmware	eq	22
touch_panel_600_marine_firmware	eq	22
touch_panel_600_standard_firmware	eq	22

References

cert.vde.com/en/advisories/VDE-2023-007/