.. / CVE-2023-1698

Exploit for WAGO - Remote Command Execution (CVE-2023-1698)

Description:

In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.

Nuclei Template

View the template here CVE-2023-1698.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1698.yaml
Copy

References:

https://github.com/deIndra/CVE-2023-1698
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
https://nvd.nist.gov/vuln/detail/CVE-2023-1698
https://cert.vde.com/en/advisories/VDE-2023-007/
https://github.com/codeb0ss/CVE-2023-1698-PoC