CVE-2023-3379
- EPSS 0.03%
- Veröffentlicht 20.11.2023 08:15:44
- Zuletzt bearbeitet 21.11.2024 08:17:08
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
CVE-2023-4089
- EPSS 0.09%
- Veröffentlicht 17.10.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:22
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
CVE-2023-1698
- EPSS 93.76%
- Veröffentlicht 15.05.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 07:39:43
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
CVE-2022-3738
- EPSS 0.09%
- Veröffentlicht 19.01.2023 12:15:11
- Zuletzt bearbeitet 21.11.2024 07:20:08
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last ...