cvelistv5 - cve-2023-1698

CVE-2023-1698 (GCVE-0-2023-1698)

Vulnerability from cvelistv5 – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en/advisories/VDE-2023-007/

Impacted products

Vendor

Product

Version

WAGO

Compact Controller CC100

Affected: FW20 , ≤ FW22 (semver)
Affected: FW23

WAGO	Edge Controller	Affected: FW22
WAGO	PFC100	Affected: FW20 , ≤ FW22 (semver) Affected: FW23
WAGO	PFC200	Affected: FW20 , ≤ FW22 (semver) Affected: FW23
WAGO	Touch Panel 600 Advanced Line	Affected: FW22
WAGO	Touch Panel 600 Marine Line	Affected: FW22
WAGO	Touch Panel 600 Standard Line	Affected: FW22

Credits

Quentin Kaiser from ONEKEY

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T19:12:48.907770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T19:13:09.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact Controller CC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW20",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "FW23"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "FW22"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW20",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "FW23"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW22",
              "status": "affected",
              "version": "FW20",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "FW23"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Advanced Line",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "FW22"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Marine Line",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "FW22"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Standard Line",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "FW22"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Quentin Kaiser from ONEKEY"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
            }
          ],
          "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-15T08:51:27.453Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
        }
      ],
      "source": {
        "advisory": "VDE-2023-007",
        "defect": [
          "CERT@VDE#64422"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WAGO: WBM Command Injection in multiple products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-1698",
    "datePublished": "2023-05-15T08:51:27.453Z",
    "dateReserved": "2023-03-29T13:00:05.618Z",
    "dateUpdated": "2025-01-23T19:13:09.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20\", \"versionEndIncluding\": \"23\", \"matchCriteriaId\": \"8700EAE8-69B3-4F39-9540-EB3EB11CAB82\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"532907AF-7E4A-4065-A799-753FC3313D6C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17FE837A-4BAB-4963-AC1F-5BEEE769AF0C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DFC57C8-6AF4-4771-B0A0-744137FBFECF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20\", \"versionEndIncluding\": \"23\", \"matchCriteriaId\": \"F462A5D8-4488-432E-8A63-FEE9B7215398\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F636354-95A2-4B36-9666-1FA57F185432\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20\", \"versionEndIncluding\": \"23\", \"matchCriteriaId\": \"29246E43-1289-45FB-A996-35DE3E6D8B67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A613D7C-29C0-4D4E-ACDA-15BBC6FF0104\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8221861-7455-41D5-B310-6AEA822B46CF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"774CFF47-61B6-48F8-8E1F-E3DC215066AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA7A911A-395A-4536-8756-83DB2F62899D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.\"}]",
      "id": "CVE-2023-1698",
      "lastModified": "2024-11-21T07:39:43.320",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-05-15T09:15:09.510",
      "references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-007/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-1698\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-05-15T09:15:09.510\",\"lastModified\":\"2024-11-21T07:39:43.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20\",\"versionEndIncluding\":\"23\",\"matchCriteriaId\":\"8700EAE8-69B3-4F39-9540-EB3EB11CAB82\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532907AF-7E4A-4065-A799-753FC3313D6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17FE837A-4BAB-4963-AC1F-5BEEE769AF0C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFC57C8-6AF4-4771-B0A0-744137FBFECF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20\",\"versionEndIncluding\":\"23\",\"matchCriteriaId\":\"F462A5D8-4488-432E-8A63-FEE9B7215398\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F636354-95A2-4B36-9666-1FA57F185432\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20\",\"versionEndIncluding\":\"23\",\"matchCriteriaId\":\"29246E43-1289-45FB-A996-35DE3E6D8B67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"688A3248-7EAA-499D-A47C-A4D4900CDBD1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A613D7C-29C0-4D4E-ACDA-15BBC6FF0104\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8221861-7455-41D5-B310-6AEA822B46CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"774CFF47-61B6-48F8-8E1F-E3DC215066AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7A911A-395A-4536-8756-83DB2F62899D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-007/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:57:24.816Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-23T19:12:48.907770Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-23T19:12:59.446Z\"}}], \"cna\": {\"title\": \"WAGO: WBM Command Injection in multiple products\", \"source\": {\"defect\": [\"CERT@VDE#64422\"], \"advisory\": \"VDE-2023-007\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Quentin Kaiser from ONEKEY\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WAGO\", \"product\": \"Compact Controller CC100\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW22\"}, {\"status\": \"affected\", \"version\": \"FW23\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Edge Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW22\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC100\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW22\"}, {\"status\": \"affected\", \"version\": \"FW23\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC200\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW22\"}, {\"status\": \"affected\", \"version\": \"FW23\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Touch Panel 600 Advanced Line\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW22\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Touch Panel 600 Marine Line\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW22\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Touch Panel 600 Standard Line\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW22\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-007/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-05-15T08:51:27.453Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-1698\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-23T19:13:09.654Z\", \"dateReserved\": \"2023-03-29T13:00:05.618Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2023-05-15T08:51:27.453Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-1698

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-1698

Aliases

CVE-2023-1698

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-1698",
    "id": "GSD-2023-1698"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-1698"
      ],
      "details": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.",
      "id": "GSD-2023-1698",
      "modified": "2023-12-13T01:20:41.754720Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "info@cert.vde.com",
        "ID": "CVE-2023-1698",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Compact Controller CC100",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "FW20",
                          "version_value": "FW22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "FW23"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Edge Controller",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "FW22"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PFC100",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "FW20",
                          "version_value": "FW22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "FW23"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PFC200",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "FW20",
                          "version_value": "FW22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "FW23"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Touch Panel 600 Advanced Line",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "FW22"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Touch Panel 600 Marine Line",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "FW22"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Touch Panel 600 Standard Line",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "FW22"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "WAGO"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Quentin Kaiser from ONEKEY"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert.vde.com/en/advisories/VDE-2023-007/",
            "refsource": "MISC",
            "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
          }
        ]
      },
      "source": {
        "advisory": "VDE-2023-007",
        "defect": [
          "CERT@VDE#64422"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2023-1698"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2023-007/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-26T17:09Z",
      "publishedDate": "2023-05-15T09:15Z"
    }
  }
}

VAR-202305-1415

Vulnerability from variot - Updated: 2023-12-18 13:46

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202305-1415",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "touch panel 600 advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "22"
      },
      {
        "model": "compact controller 100",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "20"
      },
      {
        "model": "pfc100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "23"
      },
      {
        "model": "compact controller 100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "23"
      },
      {
        "model": "pfc100",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "20"
      },
      {
        "model": "edge controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "22"
      },
      {
        "model": "pfc200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "23"
      },
      {
        "model": "pfc200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "wago",
        "version": "20"
      },
      {
        "model": "touch panel 600 standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "22"
      },
      {
        "model": "touch panel 600 marine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wago",
        "version": "22"
      },
      {
        "model": "compact controller 100",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "touch panel 600 marine",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "pfc200",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "edge controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "pfc100",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "touch panel 600 standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      },
      {
        "model": "touch panel 600 advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "wago",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23",
                    "versionStartIncluding": "20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "cve": "CVE-2023-1698",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "info@cert.vde.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-009971",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "info@cert.vde.com",
            "id": "CVE-2023-1698",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-009971",
            "trust": 0.8,
            "value": "Critical"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-1698"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-1698",
        "trust": 2.7
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2023-007",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-1698",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-1698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "id": "VAR-202305-1415",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.65716723
  },
  "last_update_date": "2023-12-18T13:46:01.870000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://cert.vde.com/en/advisories/vde-2023-007/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1698"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-1698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-1698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-1698"
      },
      {
        "date": "2023-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "date": "2023-05-15T09:15:09.510000",
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-05-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-1698"
      },
      {
        "date": "2023-12-07T05:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      },
      {
        "date": "2023-05-26T17:09:45.837000",
        "db": "NVD",
        "id": "CVE-2023-1698"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0WAGO\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-009971"
      }
    ],
    "trust": 0.8
  }
}

GHSA-VF3G-HQQF-R379

Vulnerability from github – Published: 2023-05-15 09:30 – Updated: 2024-04-04 04:04

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T09:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.",
  "id": "GHSA-vf3g-hqqf-r379",
  "modified": "2024-04-04T04:04:56Z",
  "published": "2023-05-15T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1698"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2023-007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-1698

Vulnerability from fkie_nvd - Published: 2023-05-15 09:15 - Updated: 2024-11-21 07:39

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2023-007/	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en/advisories/VDE-2023-007/	Third Party Advisory

Impacted products

Vendor	Product	Version
wago	compact_controller_100_firmware	*
wago	compact_controller_100	-
wago	edge_controller_firmware	22
wago	edge_controller	-
wago	pfc100_firmware	*
wago	pfc100	-
wago	pfc200_firmware	*
wago	pfc200	-
wago	touch_panel_600_advanced_firmware	22
wago	touch_panel_600_advanced	-
wago	touch_panel_600_marine_firmware	22
wago	touch_panel_600_marine	-
wago	touch_panel_600_standard_firmware	22
wago	touch_panel_600_standard	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8700EAE8-69B3-4F39-9540-EB3EB11CAB82",
              "versionEndIncluding": "23",
              "versionStartIncluding": "20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:edge_controller_firmware:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FE837A-4BAB-4963-AC1F-5BEEE769AF0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F462A5D8-4488-432E-8A63-FEE9B7215398",
              "versionEndIncluding": "23",
              "versionStartIncluding": "20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29246E43-1289-45FB-A996-35DE3E6D8B67",
              "versionEndIncluding": "23",
              "versionStartIncluding": "20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "9A613D7C-29C0-4D4E-ACDA-15BBC6FF0104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "774CFF47-61B6-48F8-8E1F-E3DC215066AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:22:-:*:*:*:*:*:*",
              "matchCriteriaId": "FA7A911A-395A-4536-8756-83DB2F62899D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise."
    }
  ],
  "id": "CVE-2023-1698",
  "lastModified": "2024-11-21T07:39:43.320",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-15T09:15:09.510",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-007/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-1698 (GCVE-0-2023-1698)

GSD-2023-1698

VAR-202305-1415

GHSA-VF3G-HQQF-R379

FKIE_CVE-2023-1698

Tags

Sightings

Nomenclature