CVE-2023-4089 – WAGO: Multiple products vulnerable to local file inclusion
https://notcve.org/view.php?id=CVE-2023-4089
On affected WAGO products, a remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion. This access is logged in a different log file than expected. • https://cert.vde.com/en/advisories/VDE-2023-046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-1150 – WAGO: Series 750-3x/-8x prone to MODBUS server DoS
https://notcve.org/view.php?id=CVE-2023-1150
Uncontrolled resource consumption in WAGO Series 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. • https://cert.vde.com/en/advisories/VDE-2023-005 • CWE-400: Uncontrolled Resource Consumption
CVE-2023-1620 – WAGO: DoS in multiple products in multiple versions using Codesys
https://notcve.org/view.php?id=CVE-2023-1620
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation
CVE-2023-1619 – WAGO: DoS in multiple versions of multiple products
https://notcve.org/view.php?id=CVE-2023-1619
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. • https://cert.vde.com/en/advisories/VDE-2023-006 • CWE-20: Improper Input Validation
CVE-2023-1698 – WAGO: WBM Command Injection in multiple products
https://notcve.org/view.php?id=CVE-2023-1698
A vulnerability in multiple WAGO products allows an unauthenticated, remote attacker to create new users and change the device configuration, which can result in unintended behaviour, denial of service and full system compromise. • https://github.com/codeb0ss/CVE-2023-1698-PoC • https://github.com/Chocapikk/CVE-2023-1698 • https://github.com/thedarknessdied/WAGO-CVE-2023-1698 • https://github.com/deIndra/CVE-2023-1698 • https://cert.vde.com/en/advisories/VDE-2023-007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')