VDE-2023-037

Vulnerability from csaf_wagogmbhcokg - Published: 2023-11-21 07:00 - Updated: 2023-11-21 07:00
Summary
WAGO: Remote Code execution vulnerability in managed Switches
Notes
Summary: Affected products are vulnerable to remote code execution via command injection in the web-based management by an attacker.
Impact: An unprivileged attacker can fully compromise the system and access all files.
Mitigation: Restrict network access to the device. Do not directly connect the device to the internet.
Remediation: WAGO recommends all affected users of products 0852-0602, 0852-0603 to update to firmware version 1.0.6.S0 and all affected users of 852-1605 to update to firmware version 1.2.5.S0.
CVE-2023-4149

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Mitigation Restrict network access to the device. Do not directly connect the device to the internet.
Vendor Fix WAGO recommends all affected users of products 0852-0602, 0852-0603 to update to firmware version 1.0.6.S0 and all affected users of 852-1605 to update to firmware version 1.2.5.S0.
References
Acknowledgments
CERT@VDE certvde.com
GAI NetConsult
INTILION AG
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "GAI NetConsult",
        "summary": "reporting"
      },
      {
        "organization": "INTILION AG",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Affected products are vulnerable to remote code execution via command injection in the web-based management by an attacker.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An unprivileged attacker can fully compromise the system and access all files.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "WAGO recommends all affected users of products 0852-0602, 0852-0603 to update to firmware version 1.0.6.S0 and all affected users of 852-1605 to update to firmware version 1.2.5.S0.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-037: WAGO: Remote Code execution vulnerability in managed Switches - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-037/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-037: WAGO: Remote Code execution vulnerability in managed Switches - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-037.json"
      },
      {
        "category": "external",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Remote Code execution vulnerability in managed Switches",
    "tracking": {
      "aliases": [
        "VDE-2023-037"
      ],
      "current_release_date": "2023-11-21T07:00:00.000Z",
      "generator": {
        "date": "2025-05-05T12:00:14.718Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-037",
      "initial_release_date": "2023-11-21T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-11-21T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Industrial Managed Switch",
                "product": {
                  "name": "Industrial Managed Switch",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "0852-1605",
                      "0852-0603",
                      "0852-0602"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.2.5.S0",
                "product": {
                  "name": "Firmware \u003c 1.2.5.S0",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.0.6.S0",
                "product": {
                  "name": "Firmware \u003c 1.0.6.S0",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "1.2.5.S0",
                "product": {
                  "name": "Firmware 1.2.5.S0",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "1.0.6.S0",
                "product": {
                  "name": "Firmware 1.0.6.S0",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 1.2.5.S0 installed on Industrial Managed Switch",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 1.0.6.S0 installed on Industrial Managed Switch",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 1.0.6.S0 installed on Industrial Managed Switch",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.2.5.S0 installed on Industrial Managed Switch",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.0.6.S0 installed on Industrial Managed Switch",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4149",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "WAGO recommends all affected users of products 0852-0602, 0852-0603 to update to firmware version 1.0.6.S0 and all affected users of 852-1605 to update to firmware version 1.2.5.S0.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "CVE-2023-4149"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.