CVE-2023-1698

critical

Description

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

References

Advisories
Exploits

https://cert.vde.com/en/advisories/VDE-2023-007/

https://blog.compass-security.com/2024/02/luring-the-threat-lessons-from-custom-ics-honeypots-in-ukraine-and-germany/

Details

Source: Mitre, NVD

Published: 2023-05-15

Updated: 2023-05-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H