CVE-2024-41969 – WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41969
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-41967 – WAGO: Boot Mode Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41967
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-41968 – WAGO: Docker Settings Manipulation in Multiple Devices
https://notcve.org/view.php?id=CVE-2024-41968
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •
CVE-2023-3379 – WAGO: Improper Privilege Management in web-based management
https://notcve.org/view.php?id=CVE-2023-3379
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. La administración de múltiples productos basada en web de Wago tiene una vulnerabilidad que permite a un atacante autenticado local cambiar las contraseñas de otros usuarios que no sean administradores y así escalar privilegios no root. • https://cert.vde.com/en/advisories/VDE-2023-015 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVE-2023-4089 – WAGO: Multiple products vulnerable to local file inclusion
https://notcve.org/view.php?id=CVE-2023-4089
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. En los productos Wago afectados, un atacante remoto con privilegios administrativos puede acceder a archivos a los que ya tiene acceso a través de una inclusión de archivo local no documentada. Este acceso se registra en un archivo de registro diferente al esperado. • https://cert.vde.com/en/advisories/VDE-2023-046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •