ID

VAR-202305-1415


CVE

CVE-2023-1698


TITLE

OS command injection vulnerability in multiple WAGO products

Trust: 0.8

sources: JVNDB: JVNDB-2023-009971

DESCRIPTION

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration, which can result in unintended behaviour, Denial of Service and full system compromise. An OS command injection vulnerability exists in multiple WAGO products, including Compact Controller 100 firmware, Edge Controller firmware and PFC100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-1698 // JVNDB: JVNDB-2023-009971 // VULMON: CVE-2023-1698

AFFECTED PRODUCTS

vendor: wago, model: edge controller, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: touch panel 600 marine, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc100, scope: lte, version: 23

Trust: 1.0

vendor: wago, model: touch panel 600 advanced, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: compact controller 100, scope: gte, version: 20

Trust: 1.0

vendor: wago, model: compact controller 100, scope: lte, version: 23

Trust: 1.0

vendor: wago, model: pfc100, scope: gte, version: 20

Trust: 1.0

vendor: wago, model: touch panel 600 standard, scope: eq, version: 22

Trust: 1.0

vendor: wago, model: pfc200, scope: gte, version: 20

Trust: 1.0

vendor: wago, model: pfc200, scope: lte, version: 23

Trust: 1.0

vendor: wago, model: compact controller 100, scope: -, version: -

Trust: 0.8

vendor: wago, model: touch panel 600 marine, scope: -, version: -

Trust: 0.8

vendor: wago, model: pfc200, scope: -, version: -

Trust: 0.8

vendor: wago, model: edge controller, scope: -, version: -

Trust: 0.8

vendor: wago, model: pfc100, scope: -, version: -

Trust: 0.8

vendor: wago, model: touch panel 600 standard, scope: -, version: -

Trust: 0.8

vendor: wago, model: touch panel 600 advanced, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009971 // NVD: CVE-2023-1698

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com: CVE-2023-1698
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-009971
value: CRITICAL

Trust: 0.8

info@cert.vde.com: CVE-2023-1698
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-009971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009971 // NVD: CVE-2023-1698

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009971 // NVD: CVE-2023-1698

EXTERNAL IDS

db: NVD, id: CVE-2023-1698

Trust: 2.7

db: CERT@VDE, id: VDE-2023-007

Trust: 1.9

db: JVNDB, id: JVNDB-2023-009971

Trust: 0.8

db: VULMON, id: CVE-2023-1698

Trust: 0.1

sources: VULMON: CVE-2023-1698 // JVNDB: JVNDB-2023-009971 // NVD: CVE-2023-1698

REFERENCES

url:https://cert.vde.com/en/advisories/vde-2023-007/

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-1698

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-1698 // JVNDB: JVNDB-2023-009971 // NVD: CVE-2023-1698

SOURCES

db: VULMON, id: CVE-2023-1698
db: JVNDB, id: JVNDB-2023-009971
db: NVD, id: CVE-2023-1698

LAST UPDATE DATE

2024-08-14T14:54:47.011000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-1698, date: 2023-05-15T00:00:00
db: JVNDB, id: JVNDB-2023-009971, date: 2023-12-07T05:39:00
db: NVD, id: CVE-2023-1698, date: 2023-05-26T17:09:45.837

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-1698, date: 2023-05-15T00:00:00
db: JVNDB, id: JVNDB-2023-009971, date: 2023-12-07T00:00:00
db: NVD, id: CVE-2023-1698, date: 2023-05-15T09:15:09.510