CRITICAL🇬🇧 English

CVE-2023-1698

CVSS 9.8v3.1pub. 2023-05-15upd. 2024-11-21

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wago Compact Controller 100

    HW
    Wago
    wszystkie wersje
  • Wago Compact Controller 100 Firmware

    OS
    Wago
    20 – 23
  • Wago Edge Controller

    HW
    Wago
    wszystkie wersje
  • Wago Edge Controller Firmware

    OS
    Wago
    22
  • Wago Pfc100

    HW
    Wago
    wszystkie wersje
  • Wago Pfc100 Firmware

    OS
    Wago
    20 – 23
  • Wago Pfc200

    HW
    Wago
    wszystkie wersje
  • Wago Pfc200 Firmware

    OS
    Wago
    20 – 23
  • Wago Touch Panel 600 Advanced

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Advanced Firmware

    OS
    Wago
    22
  • Wago Touch Panel 600 Marine

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Marine Firmware

    OS
    Wago
    22
  • Wago Touch Panel 600 Standard

    HW
    Wago
    wszystkie wersje
  • Wago Touch Panel 600 Standard Firmware

    OS
    Wago
    22
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoSCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2022-45138CRITICAL9.8ten sam produkt

The configuration backend of the web-based management can be used by unauthenticated users, although only auth...

CVE-2022-45140CRITICAL9.8ten sam produkt

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the s...

CVE-2020-12522CRITICAL10.0ten sam produkt

The reported vulnerability allows an attacker who has network access to the device to execute code with specia...

CVE-2019-5161CRITICAL9.1ten sam produkt

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC2...

CVE-2019-5160CRITICAL9.1ten sam produkt

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO P...

CVE-2023-1698 — CRITICAL 9.8 | CVEbaza.pl