CVE-2023-5188 (GCVE-0-2023-5188)
Vulnerability from cvelistv5 – Published: 2023-12-05 07:19 – Updated: 2024-08-02 07:52
VLAI?
Summary
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WAGO | Telecontrol Configurator |
Affected:
*
|
|||||||
|
|||||||||
Credits
Sofia Pisani
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-044/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Telecontrol Configurator",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WagoAppRTU",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.4.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sofia Pisani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device."
}
],
"value": "The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:09:31.201Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-044/"
}
],
"source": {
"advisory": "VDE-2023-044",
"defect": [
"CERT@VDE#64591"
],
"discovery": "EXTERNAL"
},
"title": "WAGO Improper Input Validation in IEC61850 Server / Telecontrol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-5188",
"datePublished": "2023-12-05T07:19:08.528Z",
"dateReserved": "2023-09-26T05:25:11.663Z",
"dateUpdated": "2024-08-02T07:52:07.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wago:telecontrol_configurator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC2D31E-C831-4293-93B2-3D7A7F58F272\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wago:wagoapprtu:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.6.0\", \"matchCriteriaId\": \"BD685DB5-5DF9-472D-A899-69B2444368B0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.\"}, {\"lang\": \"es\", \"value\": \"MMS Interpreter de WagoAppRTU en versiones inferiores a 1.4.6.0 que utiliza WAGO Telecontrol Configurator es vulnerable a paquetes con formato incorrecto. Un atacante remoto no autenticado podr\\u00eda enviar paquetes espec\\u00edficamente manipulados que conduzcan a una condici\\u00f3n de denegaci\\u00f3n de servicio hasta que se reinicie el dispositivo afectado.\"}]",
"id": "CVE-2023-5188",
"lastModified": "2024-11-21T08:41:15.940",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-12-05T08:15:07.690",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-044/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-044/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5188\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-12-05T08:15:07.690\",\"lastModified\":\"2024-11-21T08:41:15.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.\"},{\"lang\":\"es\",\"value\":\"MMS Interpreter de WagoAppRTU en versiones inferiores a 1.4.6.0 que utiliza WAGO Telecontrol Configurator es vulnerable a paquetes con formato incorrecto. Un atacante remoto no autenticado podr\u00eda enviar paquetes espec\u00edficamente manipulados que conduzcan a una condici\u00f3n de denegaci\u00f3n de servicio hasta que se reinicie el dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wago:telecontrol_configurator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC2D31E-C831-4293-93B2-3D7A7F58F272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wago:wagoapprtu:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.6.0\",\"matchCriteriaId\":\"BD685DB5-5DF9-472D-A899-69B2444368B0\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-044/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-044/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…