Vulnerability Description
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | Compact Controller 100 Firmware | >= 20, <= 23 |
| Wago | Compact Controller 100 | - |
| Wago | Edge Controller Firmware | 22 |
| Wago | Edge Controller | - |
| Wago | Pfc100 Firmware | >= 20, <= 23 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 20, <= 23 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | 22 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | 22 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | 22 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-007/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-007/Third Party Advisory
FAQ
What is CVE-2023-1698?
CVE-2023-1698 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Serv...
How severe is CVE-2023-1698?
CVE-2023-1698 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-1698?
Check the references section above for vendor advisories and patch information. Affected products include: Wago Compact Controller 100 Firmware, Wago Compact Controller 100, Wago Edge Controller Firmware, Wago Edge Controller, Wago Pfc100 Firmware.