9.8
CVE-2023-1698
- EPSS 93.76%
- Published 15.05.2023 09:15:09
- Last modified 21.11.2024 07:39:43
- Source info@cert.vde.com
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Data is provided by the National Vulnerability Database (NVD)
Wago ≫ Compact Controller 100 Firmware Version >= 20 <= 23
Wago ≫ Edge Controller Firmware Version 22
Wago ≫ Pfc100 Firmware Version >= 20 <= 23
Wago ≫ Pfc200 Firmware Version >= 20 <= 23
Wago ≫ Touch Panel 600 Advanced Firmware Version 22 Update-
Wago ≫ Touch Panel 600 Marine Firmware Version 22 Update-
Wago ≫ Touch Panel 600 Standard Firmware Version 22 Update-
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.76% | 0.999 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
info@cert.vde.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.