CVE-2023-1620

CWE-1288 CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 61.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

105

Wago 750-331 Firmware Wago 750-8202\/000-011 Firmware Wago 750-8202\/000-012 Firmware +102 more

Timeline

PublishedJun 26

Description

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages105 packages

▶NVDwago/750-331_firmware< fw17

▶NVDwago/750-823_firmware< fw11

▶NVDwago/750-829_firmware< fw17

▶NVDwago/750-831_firmware< fw17

▶NVDwago/750-832_firmware< fw11

🔴Vulnerability Details

CVEList

WAGO: DoS in multiple products in multiple versions using Codesys↗2023-06-26

▶

GHSA

GHSA-vhfw-j3c3-cmgg: Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically↗2023-06-26

▶