CVE-2023-4089
WAGO: Multiple products vulnerable to local file inclusion
Severity Score
2.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On affected Wago products, a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected.
*Credits:
Floris Hendriks and Jeroen Wijenbergh from Radboud University
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-02 CVE Reserved
- 2023-10-17 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en/advisories/VDE-2023-046 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Wago | Compact Controller 100 Firmware | >= 19 <= 26 | - | Affected | in | Wago | Compact Controller 100 | - | - | Safe |
Wago | Edge Controller Firmware | >= 18 <= 26 | - | Affected | in | Wago | Edge Controller | - | - | Safe |
Wago | Pfc100 Firmware | >= 16 <= 26 | - | Affected | in | Wago | Pfc100 | - | - | Safe |
Wago | Pfc200 Firmware | >= 16 <= 26 | - | Affected | in | Wago | Pfc200 | - | - | Safe |
Wago | Touch Panel 600 Advanced Firmware | >= 16 <= 26 | - | Affected | in | Wago | Touch Panel 600 Advanced | - | - | Safe |
Wago | Touch Panel 600 Marine Firmware | >= 16 <= 26 | - | Affected | in | Wago | Touch Panel 600 Marine | - | - | Safe |
Wago | Touch Panel 600 Standard Firmware | >= 16 <= 26 | - | Affected | in | Wago | Touch Panel 600 Standard | - | - | Safe |