Exploit for OS Command Injection in Wago Compact Controller 100 Firmware CVE-2023-1698

Name: Exploit for OS Command Injection in Wago Compact Controller 100 Firmware CVE-2023-1698
Rating: 5 (97 reviews)

2025-02-21 | CVSS 9.8

## https://sploitus.com/exploit?id=2BFC2609-BF7F-5C2D-A373-61AF9D995927
# wago_exploit.py - PoC Exploit for CVE-2023-1698  
![WAGO](https://github.com/user-attachments/assets/82fee478-64a7-4efe-ba49-75930fcc7084)

![Exploit Status](https://img.shields.io/badge/status-working-success)  
![Python Version](https://img.shields.io/badge/python-3.x-blue)  
![License](https://img.shields.io/badge/license-MIT-green)  

## 🚀 About  

**wago_exploit.py** is a proof-of-concept (PoC) exploit for **CVE-2023-1698**, a critical vulnerability affecting **WAGO PLCs**. This exploit grants the attacker **shell access** to the device, potentially exposing sensitive operations.  

> **⚠️ Disclaimer:** This repository is for educational and research purposes only. Unauthorized use may be illegal. Use responsibly.

## 🛡️ Mitigation

To protect against this exploit:

Patch your firmware: Ensure you are running the latest firmware version from WAGO.
Network segmentation: Restrict access to PLCs from untrusted networks.
Firewall rules: Block unauthorized access to vulnerable endpoints.

![Screenshot ](https://github.com/user-attachments/assets/b76ab5d1-dd06-4707-a270-78f22f56d445)


## 📜 Requirements  

- Python 3.x  
- `requests` library  
- Network access to the target WAGO PLC  

Install dependencies & Usage 🎯:  
```bash
git clone https://github.com/X3RX3SSec/CVE-2023-1698
cd CVE-2023-1698
pip install requirements.txt

python3 wago_exploit.py -u http://IP:PORT