CVE-2023-1620 — MEDIUM (4.9)

Q: What is CVE-2023-1620?

CVE-2023-1620 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Q: How severe is CVE-2023-1620?

CVE-2023-1620 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1620?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-331 Firmware, Wago 750-331, Wago 750-8202 Firmware, Wago 750-8202, Wago 750-8202\/000-011 Firmware.

Vulnerability Description

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wago	750-331 Firmware	< fw17
Wago	750-331	-
Wago	750-8202 Firmware	< fw22
Wago	750-8202	-
Wago	750-8202\/000-011 Firmware	< fw22
Wago	750-8202\/000-011	-
Wago	750-8202\/000-012 Firmware	< fw22
Wago	750-8202\/000-012	-
Wago	750-8202\/000-022 Firmware	< fw22
Wago	750-8202\/000-022	-
Wago	750-8202\/025-000 Firmware	< fw22
Wago	750-8202\/025-000	-
Wago	750-8202\/025-001 Firmware	< fw22
Wago	750-8202\/025-001	-
Wago	750-8202\/025-002 Firmware	< fw22
Wago	750-8202\/025-002	-
Wago	750-8202\/040-000 Firmware	< fw22
Wago	750-8202\/040-000	-
Wago	750-8202\/040-001 Firmware	< fw22
Wago	750-8202\/040-001	-

Related Weaknesses (CWE)

CWE-1288

References

https://cert.vde.com/en/advisories/VDE-2023-006/MitigationThird Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-006/MitigationThird Party Advisory

FAQ

What is CVE-2023-1620?

CVE-2023-1620 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

How severe is CVE-2023-1620?

CVE-2023-1620 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1620?

Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-331 Firmware, Wago 750-331, Wago 750-8202 Firmware, Wago 750-8202, Wago 750-8202\/000-011 Firmware.