CVE-2023-4089

EPSS 0.09%
Published 17.10.2023 07:15:10
Last modified 21.11.2024 08:34:22
Source info@cert.vde.com
Teams watchlist Login
Open Login

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wago ≫ Compact Controller 100 Firmware Version >= 19 <= 26

Wago ≫ Compact Controller 100 Version-

Wago ≫ Edge Controller Firmware Version >= 18 <= 26

Wago ≫ Edge Controller Version-

Wago ≫ Pfc100 Firmware Version >= 16 <= 26

Wago ≫ Pfc100 Version-

Wago ≫ Pfc200 Firmware Version >= 16 <= 26

Wago ≫ Pfc200 Version-

Wago ≫ Touch Panel 600 Advanced Firmware Version >= 16 <= 26

Wago ≫ Touch Panel 600 Advanced Version-

Wago ≫ Touch Panel 600 Marine Firmware Version >= 16 <= 26

Wago ≫ Touch Panel 600 Marine Version-

Wago ≫ Touch Panel 600 Standard Firmware Version >= 16 <= 26

Wago ≫ Touch Panel 600 Standard Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.262

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
info@cert.vde.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

https://cert.vde.com/en/advisories/VDE-2023-046/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4089

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4089

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4089

EUVD