CVE-2023-1698

CRITICAL EXPLOITED NUCLEI

WAGO - Privilege Escalation

Description

In multiple WAGO products, a vulnerability allows an unauthenticated remote attacker to create new users and change the device configuration, which can result in unintended behaviour, denial of service and full system compromise.

Exploits (6)

nomisec WORKING POC 4 stars
by X3RX3SSec · remote
https://github.com/X3RX3SSec/CVE-2023-1698
nomisec WORKING POC 4 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2023-1698
nomisec WORKING POC 3 stars
by ibrahmsql · remote
https://github.com/ibrahmsql/CVE-2023-1698
nomisec WORKING POC 2 stars
by thedarknessdied · remote
https://github.com/thedarknessdied/WAGO-CVE-2023-1698
nomisec WORKING POC
by deIndra · remote
https://github.com/deIndra/CVE-2023-1698

Nuclei Templates (1)

WAGO - Remote Command Execution
CRITICAL by xianke
Shodan: html:"/wbm/" html:"wago" || http.html:"/wbm/" html:"wago"
FOFA: body="/wbm/" html:"wago"

Scores

CVSS v3 9.8
EPSS 0.9376
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-04
CWE CWE-78
Status published
Products (7)
wago/compact_controller_100_firmware 20 - 23
wago/edge_controller_firmware 22
wago/pfc100_firmware 20 - 23
wago/pfc200_firmware 20 - 23
wago/touch_panel_600_advanced_firmware 22
wago/touch_panel_600_marine_firmware 22
wago/touch_panel_600_standard_firmware 22
Published May 15, 2023
Tracked Since Feb 18, 2026