WAGO Improper Input Validation in IEC61850 Server / Telecontrol
CVE-2023-5188

7.5HIGH

Key Information:

Vendor: WAGO
Status: Telecontrol Configurator; WagoAppRTU
Vendor: CVE Published:; 5 December 2023

Summary

The MMMS Interpreter in WagoAppRTU versions prior to 1.4.6.0, utilized by the WAGO Telecontrol Configurator, is susceptible to exploitation through malformed packets. This vulnerability allows a remote, unauthenticated attacker to send specially crafted packets, which could exploit the interpreter and cause the device to enter a denial-of-service state. Recovery from this condition requires a manual restart of the compromised device, potentially leading to significant operational disruption.

Affected Version(s)

Telecontrol Configurator *

WagoAppRTU 0 < 1.4.6.0

References

https://cert.vde.com/en/advisories/VDE-2023-044/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 26, 2023

Credit

Sofia Pisani