All the vulnerabilites related to WAGO - Touch Panel 600 Advanced Line
cve-2023-1698
Vulnerability from cvelistv5
Published
2023-05-15 08:51
Modified
2024-08-02 05:57
Severity ?
EPSS score ?
Summary
WAGO: WBM Command Injection in multiple products
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Compact Controller CC100", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver" }, { "status": "affected", "version": "FW23" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller", "vendor": "WAGO", "versions": [ { "status": "affected", "version": "FW22" } ] }, { "defaultStatus": "unaffected", "product": "PFC100", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver" }, { "status": "affected", "version": "FW23" } ] }, { "defaultStatus": "unaffected", "product": "PFC200", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW22", "status": "affected", "version": "FW20", "versionType": "semver" }, { "status": "affected", "version": "FW23" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Advanced Line", "vendor": "WAGO", "versions": [ { "status": "affected", "version": "FW22" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Marine Line", "vendor": "WAGO", "versions": [ { "status": "affected", "version": "FW22" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Standard Line", "vendor": "WAGO", "versions": [ { "status": "affected", "version": "FW22" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Quentin Kaiser from ONEKEY" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise." } ], "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise." } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-15T08:51:27.453Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-007/" } ], "source": { "advisory": "VDE-2023-007", "defect": [ "CERT@VDE#64422" ], "discovery": "EXTERNAL" }, "title": "WAGO: WBM Command Injection in multiple products", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2023-1698", "datePublished": "2023-05-15T08:51:27.453Z", "dateReserved": "2023-03-29T13:00:05.618Z", "dateUpdated": "2024-08-02T05:57:24.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4089
Vulnerability from cvelistv5
Published
2023-10-17 06:00
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
WAGO: Multiple products vulnerable to local file inclusion
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-046/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Compact Controller CC100", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW19", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Edge Controller", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW18", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC100", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW16", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PFC200", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW16", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Advanced Line", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW16", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Marine Line", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW16", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Touch Panel 600 Standard Line", "vendor": "WAGO", "versions": [ { "lessThanOrEqual": "FW26", "status": "affected", "version": "FW16", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected." } ], "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T06:00:28.908Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-046/" } ], "source": { "advisory": "VDE-2023-046", "defect": [ "CERT@VDE#64532" ], "discovery": "EXTERNAL" }, "title": "WAGO: Multiple products vulnerable to local file inclusion", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2023-4089", "datePublished": "2023-10-17T06:00:28.908Z", "dateReserved": "2023-08-02T07:20:35.600Z", "dateUpdated": "2024-08-02T07:17:11.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }