CVE-2023-1698: In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

EXPLOIT

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
wago	compact_controller_100_firmware	20 – 23	—
wago	compact_controller_cc100	—	—
wago	compact_controller_cc100	FW20 – FW22	—
wago	edge_controller	—	—
wago	edge_controller_firmware	—	—
wago	pfc100	—	—
wago	pfc100	FW20 – FW22	—
wago	pfc100_firmware	20 – 23	—
wago	pfc200	—	—
wago	pfc200	FW20 – FW22	—
wago	pfc200_firmware	20 – 23	—
wago	touch_panel_600_advanced_firmware	—	—
wago	touch_panel_600_advanced_line	—	—
wago	touch_panel_600_marine_firmware	—	—
wago	touch_panel_600_marine_line	—	—
wago	touch_panel_600_standard_firmware	—	—
wago	touch_panel_600_standard_line	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL