PT-2023-3026 · WAGO · WAGO Touch Panel 600 and 4 other products

Quentin Kaiser · Published 2023-05-04 · Updated 2023-09-15 · CVE-2023-1698

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WAGO PFC100 versions >=16 and <=23
WAGO PFC200 versions >=16 and <=23
WAGO CC100 versions >=16 and <=23
WAGO Edge Controller versions >=16 and <=23
WAGO Touch Panel 600 Standard, Advanced/Marine Line versions >=16 and <=23

Description

A vulnerability in WAGO products allows an unauthenticated, remote attacker to create new users and change the device configuration, which can result in unintended behavior, Denial of Service, and full system compromise. The issue is related to insufficient input validation, which can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. Approximately 15,961 devices may be affected.

Recommendations

For WAGO PFC100 versions >=16 and <=23, update to a version outside of this range to mitigate the risk.
For WAGO PFC200 versions >=16 and <=23, update to a version outside of this range to mitigate the risk.
For WAGO CC100 versions >=16 and <=23, update to a version outside of this range to mitigate the risk.
For WAGO Edge Controller versions >=16 and <=23, update to a version outside of this range to mitigate the risk.
For WAGO Touch Panel 600 Standard, Advanced/Marine Line versions >=16 and <=23, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to the device configuration to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-03091
CVE-2023-1698

Affected Products

WAGO CC100
WAGO Edge Controller
WAGO PFC100
WAGO PFC200
WAGO Touch Panel 600