CVE-2023-5188

HIGH

WAGO Telecontrol Configurator and WagoAppRTU < 1.4.6.0 - Unauthenticated Denial of Service via Malformed MMS Packets

Title source: llm

Description

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

References (1)

Core 1

Core References

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-044/

Scores

CVSS v3 7.5

EPSS 0.0104

EPSS Percentile 59.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (2)

wago/telecontrol_configurator

wago/wagoapprtu < 1.4.6.0

Published Dec 05, 2023

Tracked Since Feb 18, 2026