CVE-2023-3379 WAGO: Improper Privilege Management in web-based management

🗓️ 20 Nov 2023 07:23:41Reported by CERTVDEType

WAGO web-based privilege vulnerabilit

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the web-based interface for controlling WAGO PFC100/PFC200 programmable logic controllers, Edge Controllers, and WAGO Touch Panel 600 sensor panels allows a perpetrator to gain increased privileges.	29 Nov 202300:00	–	bdu_fstec
CNNVD	WAGO PFC100 Security Vulnerability	20 Nov 202300:00	–	cnnvd
CVE	CVE-2023-3379	20 Nov 202307:23	–	cve
EUVD	EUVD-2023-44046	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3379	20 Nov 202308:15	–	nvd
OSV	CVE-2023-3379	20 Nov 202308:15	–	osv
Prion	Code injection	20 Nov 202308:15	–	prion
Positive Technologies	PT-2023-7175 · Wago · Wago Touch Panel 600 +2	20 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-3379	23 May 202506:06	–	redhatcve
Tenable Nessus	Wago Multiple Products Improper Privilege Management (CVE-2023-3379)	14 Feb 202400:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "Compact Controller 100 (751-9301)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC100 (750-810x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-820x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-821x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Advanced Line (762-5xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Marine Line (762-6xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Standard Line (762-4xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge Controller (752-8303/8000-002)",
    "vendor": "Wago",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2023-015/

02 Oct 2024 05:34Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.00026

CWE-863