There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows to reset passwords of other users (except root). This allows an authenticated attacker to elevate his privileges.
An attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way.
UPDATE A 26.09.2023:
Changed affected Version of e!Cockpit from < 1.11.2.0 to <= 1.11.2.0
Vulnerabilities are reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles are affected with vulnerable versions of WIBU-SYSTEMS Codemeter.
UPDATE B 20.11.2023:
Removed CVE-2023-4701 because it was revoked.
Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework.
A vulnerability allows Bluetooth LE pairing traffic to be sniffed and used to bypass authentication for pairing.
An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.
Update: 08.07.2024 release date of the updates has been changed.
An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.
The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.
UPDATE A 15.06.2023 :