CVE-2023-3379

🗓️ 20 Nov 2023 07:23:41Reported by CERTVDEType

Wago web-based management vulnerability for password chang

Reporter	Title	Published	Views	Family All 9
CNNVD	WAGO PFC100 Security Vulnerability	20 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-3379 WAGO: Improper Privilege Management in web-based management	20 Nov 202307:23	–	cvelist
EUVD	EUVD-2023-44046	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3379	20 Nov 202308:15	–	nvd
OSV	CVE-2023-3379	20 Nov 202308:15	–	osv
Prion	Code injection	20 Nov 202308:15	–	prion
Positive Technologies	PT-2023-7175 · Wago · Wago Touch Panel 600 +2	20 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-3379	23 May 202506:06	–	redhatcve
Tenable Nessus	Wago Multiple Products Improper Privilege Management (CVE-2023-3379)	14 Feb 202400:00	–	nessus

NVD

Vulners

Node

wago compact_controller_100_firmwareRange≤25

AND

wago compact_controller_100Match-

Node

wago edge_controller_firmwareRange≤25

AND

wago edge_controllerMatch-

Node

wago pfc100_firmwareRange<22

wago pfc100_firmwareMatch22-

wago pfc100_firmwareMatch22patch_1

AND

wago pfc100Match-

Node

wago pfc200_firmwareRange<22

wago pfc200_firmwareMatch22-

wago pfc200_firmwareMatch22patch_1

wago pfc200_firmwareMatch23

wago pfc200_firmwareMatch24

AND

wago pfc200Match-

Node

wago touch_panel_600_advanced_firmwareRange≤25

AND

wago touch_panel_600_advancedMatch-

Node

wago touch_panel_600_marine_firmwareRange≤25

AND

wago touch_panel_600_marineMatch-

Node

wago touch_panel_600_standard_firmwareRange≤25

AND

wago touch_panel_600_standardMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "Compact Controller 100 (751-9301)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC100 (750-810x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-820x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-821x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Advanced Line (762-5xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Marine Line (762-6xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Standard Line (762-4xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge Controller (752-8303/8000-002)",
    "vendor": "Wago",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2023-015/

21 Nov 2024 08:17Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.3

EPSS0.00026

CWE-863