CVE-2023-1698 - OpenCVE

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wago	Pfc200 Firmware Pfc200 Touch Panel 600 Advanced Touch Panel 600 Advanced Firmware Pfc100 Touch Panel 600 Standard Firmware Pfc100 Firmware Compact Controller 100 Touch Panel 600 Standard Edge Controller Touch Panel 600 Marine Compact Controller 100 Firmware Touch Panel 600 Marine Firmware Edge Controller Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*

cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-007/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-05-15T08:51:27.453Z

Updated: 2023-05-15T08:51:27.453Z

Reserved: 2023-03-29T13:00:05.618Z

Link: CVE-2023-1698

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-15T09:15:09.510

Modified: 2023-05-26T17:09:45.837

Link: CVE-2023-1698

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1698", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-03-29T13:00:05.618Z", "datePublished": "2023-05-15T08:51:27.453Z", "dateUpdated": "2023-05-15T08:51:27.453Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Compact Controller CC100", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver"}, {"status": "affected", "version": "FW23"}]}, {"defaultStatus": "unaffected", "product": "Edge Controller", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW22"}]}, {"defaultStatus": "unaffected", "product": "PFC100", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver"}, {"status": "affected", "version": "FW23"}]}, {"defaultStatus": "unaffected", "product": "PFC200", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver"}, {"status": "affected", "version": "FW23"}]}, {"defaultStatus": "unaffected", "product": "Touch Panel 600 Advanced Line", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW22"}]}, {"defaultStatus": "unaffected", "product": "Touch Panel 600 Marine Line", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW22"}]}, {"defaultStatus": "unaffected", "product": "Touch Panel 600 Standard Line", "vendor": "WAGO", "versions": [{"status": "affected", "version": "FW22"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Quentin Kaiser from ONEKEY"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."}], "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-15T08:51:27.453Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-007/"}], "source": {"advisory": "VDE-2023-007", "defect": ["CERT@VDE#64422"], "discovery": "EXTERNAL"}, "title": "WAGO: WBM Command Injection in multiple products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8700EAE8-69B3-4F39-9540-EB3EB11CAB82", "versionEndIncluding": "23", "versionStartIncluding": "20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*", "matchCriteriaId": "17FE837A-4BAB-4963-AC1F-5BEEE769AF0C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F462A5D8-4488-432E-8A63-FEE9B7215398", "versionEndIncluding": "23", "versionStartIncluding": "20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29246E43-1289-45FB-A996-35DE3E6D8B67", "versionEndIncluding": "23", "versionStartIncluding": "20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*", "matchCriteriaId": "9A613D7C-29C0-4D4E-ACDA-15BBC6FF0104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*", "matchCriteriaId": "774CFF47-61B6-48F8-8E1F-E3DC215066AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*", "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*", "matchCriteriaId": "FA7A911A-395A-4536-8756-83DB2F62899D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."}], "id": "CVE-2023-1698", "lastModified": "2023-05-26T17:09:45.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-05-15T09:15:09.510", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "info@cert.vde.com", "type": "Primary"}]}