Vulnerability-Lookup

VDE-2023-007

Vulnerability from csaf_wagogmbhcokg - Published: 2023-05-15 08:00 - Updated: 2025-05-22 13:03

Summary

WAGO: Unauthenticated command execution via Web-based-management UPDATE A

Notes

Summary: The 'legal information' plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user. UPDATE A 15.06.2023 : Removed PFC100 with FW23 as affected product and from solution PFC200 with FW23 is only affected on 750-821x/xxx-xxx Renamed "FW22 Patch 1" to "FW22 SP1" to match the versions of the download portal

Impact: Exploiting the vulnerability provides arbitrary command execution with privileges of the 'www' user. Via this flaw an attacker can change device configuration, create users or even take over the system.

Mitigation: As general security measures strongly WAGO recommends: Use general security best practices to protect systems from local and network attacks. Do not allow direct access to the device from untrusted networks. Update to the latest firmware according to the table in chapter solutions. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).

Remediation: Wago recommends all affected users to update to the firmware version listed below: | Article No° | Product Name | Fixed Version | |----------------------|------------------------------|----------------------------------| | 751-9301 | Compact Controller CC100 | FW24 | | 752-8303/8000-002 | Edge Controller | FW22 | | 752-8303/8000-002 | Edge Controller | FW24 | | 750-81xx/xxx-xxx | PFC100 | FW22 SP1 | | 750-82xx/xxx-xxx | PFC200 | FW22 SP1 l | | 750-821x/xxx-xxx | PFC200 | FW24 | | 762-5xxx | Touch Panel 600 Advanced Line| FW22 SP1 | | 762-5xxx | Touch Panel 600 Advanced Line| FW24 | | 762-6xxx | Touch Panel 600 Marine Line | FW22 SP1 | | 762-6xxx | Touch Panel 600 Marine Line | FW24 | | 762-4xxx | Touch Panel 600 Standard Line| FW22 SP1 | | 762-4xxx | Touch Panel 600 Standard Line| FW24 |

CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Mitigation As general security measures strongly WAGO recommends: Use general security best practices to protect systems from local and network attacks. Do not allow direct access to the device from untrusted networks. Update to the latest firmware according to the table in chapter solutions. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).

Vendor Fix Wago recommends all affected users to update to the firmware version listed below: | Article No° | Product Name | Fixed Version | |----------------------|------------------------------|----------------------------------| | 751-9301 | Compact Controller CC100 | FW24 | | 752-8303/8000-002 | Edge Controller | FW22 | | 752-8303/8000-002 | Edge Controller | FW24 | | 750-81xx/xxx-xxx | PFC100 | FW22 SP1 | | 750-82xx/xxx-xxx | PFC200 | FW22 SP1 l | | 750-821x/xxx-xxx | PFC200 | FW24 | | 762-5xxx | Touch Panel 600 Advanced Line| FW22 SP1 | | 762-5xxx | Touch Panel 600 Advanced Line| FW24 | | 762-6xxx | Touch Panel 600 Marine Line | FW22 SP1 | | 762-6xxx | Touch Panel 600 Marine Line | FW24 | | 762-4xxx | Touch Panel 600 Standard Line| FW22 SP1 | | 762-4xxx | Touch Panel 600 Standard Line| FW24 |

References

URL

Category

	https://certvde.com/en/advisories/VDE-2023-007/	self
	https://wago.csaf-tp.certvde.com/.well-known/csaf…	self
	https://www.wago.com/psirt	external
	https://certvde.com/en/advisories/vendor/wago/	external

Acknowledgments

CERT@VDE certvde.com

ONEKEY Quentin Kaiser

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Quentin Kaiser"
        ],
        "organization": "ONEKEY",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The \u0027legal information\u0027 plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.\nUPDATE A 15.06.2023 :\n\nRemoved PFC100 with FW23 as affected product and from solution\nPFC200 with FW23 is only affected on\u00a0750-821x/xxx-xxx\nRenamed \"FW22 Patch 1\" to \"FW22 SP1\" to match the versions of the download portal",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Exploiting the vulnerability provides arbitrary command execution with privileges of the \u0027www\u0027 user. Via this flaw an attacker can change device configuration, create users or even take over the system.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As general security measures strongly WAGO recommends:\n\nUse general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions.\nIndustrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.\n\nThe BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Wago recommends all affected users to update to the firmware version listed below:\n\n| Article No\u00b0          | Product Name                 | Fixed Version                    |\n|----------------------|------------------------------|----------------------------------|\n| 751-9301             | Compact Controller CC100     | FW24                             |\n| 752-8303/8000-002    | Edge Controller              | FW22   |\n| 752-8303/8000-002    | Edge Controller              | FW24                             |\n| 750-81xx/xxx-xxx     | PFC100                       | FW22 SP1   |\n| 750-82xx/xxx-xxx     | PFC200                       | FW22 SP1 l  |\n| 750-821x/xxx-xxx     | PFC200                       | FW24                             |\n| 762-5xxx             | Touch Panel 600 Advanced Line| FW22 SP1   |\n| 762-5xxx             | Touch Panel 600 Advanced Line| FW24                             |\n| 762-6xxx             | Touch Panel 600 Marine Line  | FW22 SP1  |\n| 762-6xxx             | Touch Panel 600 Marine Line  | FW24                             |\n| 762-4xxx             | Touch Panel 600 Standard Line| FW22 SP1  |\n| 762-4xxx             | Touch Panel 600 Standard Line| FW24                             |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-007: WAGO: Unauthenticated command execution via Web-based-management UPDATE A - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-007/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-007: WAGO: Unauthenticated command execution via Web-based-management UPDATE A - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-007.json"
      },
      {
        "category": "external",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Unauthenticated command execution via Web-based-management UPDATE A",
    "tracking": {
      "aliases": [
        "VDE-2023-007"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-05-05T11:33:12.946Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-007",
      "initial_release_date": "2023-05-15T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-05-15T08:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "2",
          "summary": "Fix: quotation mark"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Compact Controller 100",
                "product": {
                  "name": "Compact Controller 100",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "751-9301"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Edge Controller",
                "product": {
                  "name": "Edge Controller",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "752-8303/8000-002"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC100",
                "product": {
                  "name": "PFC100",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-81xx/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC200",
                "product": {
                  "name": "PFC200",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-821x/xxx-xxx",
                      "750-82xx/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Advanced Line",
                "product": {
                  "name": "Touch Panel 600 Advanced Line",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-5xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Marine Line",
                "product": {
                  "name": "Touch Panel 600 Marine Line",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-6xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Standard Line",
                "product": {
                  "name": "Touch Panel 600 Standard Line",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-4xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "FW23",
                "product": {
                  "name": "Firmware FW23",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "FW20\u003c=FW22",
                "product": {
                  "name": "Firmware FW20 \u003c= FW22",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "FW22",
                "product": {
                  "name": "Firmware FW22",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "FW24",
                "product": {
                  "name": "Firmware FW24",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW22 SP1",
                "product": {
                  "name": "Firmware FW22 SP1",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW23 installed on Compact Controller 100",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 \u003c= FW22 installed on Edge Controller",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 installed on PFC100",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 \u003c= FW22 installed on PFC200",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW23 installed on Touch Panel 600 Advanced Line",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 \u003c= FW22 installed on Touch Panel 600 Marine Line",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 installed on Touch Panel 600 Standard Line",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on Compact Controller 100",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on Edge Controller",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on PFC100",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 SP1 installed on PFC200",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on Touch Panel 600 Advanced Line",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on Touch Panel 600 Marine Line",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW24 installed on Touch Panel 600 Standard Line",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 installed on Compact Controller 100",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW23 installed on PFC200",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1698",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "As general security measures strongly WAGO recommends:\n\nUse general security best practices to protect systems from local and network attacks.\nDo not allow direct access to the device from untrusted networks.\nUpdate to the latest firmware according to the table in chapter solutions.\nIndustrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy.\n\nThe BSI provides general information on securing ICS in the ICS Compendium (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/ICS-Security_compendium.pdf).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Wago recommends all affected users to update to the firmware version listed below:\n\n| Article No\u00b0          | Product Name                 | Fixed Version                    |\n|----------------------|------------------------------|----------------------------------|\n| 751-9301             | Compact Controller CC100     | FW24                             |\n| 752-8303/8000-002    | Edge Controller              | FW22   |\n| 752-8303/8000-002    | Edge Controller              | FW24                             |\n| 750-81xx/xxx-xxx     | PFC100                       | FW22 SP1   |\n| 750-82xx/xxx-xxx     | PFC200                       | FW22 SP1 l  |\n| 750-821x/xxx-xxx     | PFC200                       | FW24                             |\n| 762-5xxx             | Touch Panel 600 Advanced Line| FW22 SP1   |\n| 762-5xxx             | Touch Panel 600 Advanced Line| FW24                             |\n| 762-6xxx             | Touch Panel 600 Marine Line  | FW22 SP1  |\n| 762-6xxx             | Touch Panel 600 Marine Line  | FW24                             |\n| 762-4xxx             | Touch Panel 600 Standard Line| FW22 SP1  |\n| 762-4xxx             | Touch Panel 600 Standard Line| FW24                             |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009"
          ]
        }
      ],
      "title": "CVE-2023-1698"
    }
  ]
}

BDU:2023-03091

Vulnerability from fstec - Published: 04.05.2023

Title

Уязвимость микропрограммного обеспечения программируемых логических контроллеров WAGO CC100 и микропрограммного обеспечения сенсорных панелей WAGO Touch Panel 600, связанная с недостаточной проверкой входных данных

Description

Уязвимость микропрограммного обеспечения программируемых логических контроллеров WAGO CC100 и микропрограммного обеспечения сенсорных панелей WAGO Touch Panel 600 связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

WAGO Kontakttechnik GmbH & Co. KG

Software Name

WAGO Compact Controller CC100, WAGO Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced, Touch Panel 600 Marine, Touch Panel 600 Standard

Software Version

до FW24 (WAGO Compact Controller CC100), FW22 (WAGO Edge Controller), от FW20 до FW22 Patch 1 (PFC100), FW23 (PFC100), от FW20 до FW22 включительно (PFC200), FW23 (PFC200), FW22 (Touch Panel 600 Advanced), FW22 (Touch Panel 600 Marine), FW22 (Touch Panel 600 Standard)

Possible Mitigations

Использование рекомендаций: https://cert.vde.com/en/advisories/VDE-2023-007/

Reference

https://cert.vde.com/en/advisories/VDE-2023-007/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1698

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "WAGO Kontakttechnik GmbH \u0026 Co. KG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e FW24 (WAGO Compact Controller CC100), FW22 (WAGO Edge Controller), \u043e\u0442 FW20 \u0434\u043e FW22 Patch 1 (PFC100), FW23 (PFC100), \u043e\u0442 FW20 \u0434\u043e FW22 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PFC200), FW23 (PFC200), FW22 (Touch Panel 600 Advanced), FW22 (Touch Panel 600 Marine), FW22 (Touch Panel 600 Standard)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert.vde.com/en/advisories/VDE-2023-007/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.05.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.06.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.06.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03091",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-1698, VDE-2023-007",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "WAGO Compact Controller CC100, WAGO Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced, Touch Panel 600 Marine, Touch Panel 600 Standard",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 WAGO  CC100 \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u043d\u0441\u043e\u0440\u043d\u044b\u0445 \u043f\u0430\u043d\u0435\u043b\u0435\u0439 WAGO Touch Panel 600, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 WAGO CC100 \u0438 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u043d\u0441\u043e\u0440\u043d\u044b\u0445 \u043f\u0430\u043d\u0435\u043b\u0435\u0439 WAGO Touch Panel 600 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert.vde.com/en/advisories/VDE-2023-007/\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1698",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2023-1698 (GCVE-0-2023-1698)

Vulnerability from cvelistv5 – Published: 2023-05-15 08:51 – Updated: 2025-01-23 19:13

Title

WAGO: WBM Command Injection in multiple products

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

CERTVDE

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2023-007

BDU:2023-03091

CVE-2023-1698 (GCVE-0-2023-1698)

Tags

Sightings

Nomenclature