Lucene search

[email protected]NVD:CVE-2023-4089

HistoryOct 17, 2023 - 7:15 a.m.

CVE-2023-4089

2023-10-1707:15:10

CWE-610

[email protected]

web.nvd.nist.gov

wago

remote attacker

administrative privileges

file access

log file

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Affected configurations

Nvd

Node

wagocompact_controller_100Match-

AND

wagocompact_controller_100_firmwareRange19–26

Node

wagoedge_controllerMatch-

AND

wagoedge_controller_firmwareRange18–26

Node

wagopfc100Match-

AND

wagopfc100_firmwareRange16–26

Node

wagopfc200Match-

AND

wagopfc200_firmwareRange16–26

Node

wagotouch_panel_600_advancedMatch-

AND

wagotouch_panel_600_advanced_firmwareRange16–26

Node

wagotouch_panel_600_marineMatch-

AND

wagotouch_panel_600_marine_firmwareRange16–26

Node

wagotouch_panel_600_standardMatch-

AND

wagotouch_panel_600_standard_firmwareRange16–26

VendorProductVersionCPE
wagocompact_controller_100-cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*
wagocompact_controller_100_firmware*cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*
wagoedge_controller-cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*
wagoedge_controller_firmware*cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*
wagopfc100-cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*
wagopfc100_firmware*cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*
wagopfc200-cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*
wagopfc200_firmware*cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*
wagotouch_panel_600_advanced-cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*
wagotouch_panel_600_advanced_firmware*cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wago	compact_controller_100	-	cpe:2.3:h:wago:compact_controller_100:-:::::::*
wago	compact_controller_100_firmware	*	cpe:2.3:o:wago:compact_controller_100_firmware::::::::
wago	edge_controller	-	cpe:2.3:h:wago:edge_controller:-:::::::*
wago	edge_controller_firmware	*	cpe:2.3:o:wago:edge_controller_firmware::::::::
wago	pfc100	-	cpe:2.3:h:wago:pfc100:-:::::::*
wago	pfc100_firmware	*	cpe:2.3:o:wago:pfc100_firmware::::::::
wago	pfc200	-	cpe:2.3:h:wago:pfc200:-:::::::*
wago	pfc200_firmware	*	cpe:2.3:o:wago:pfc200_firmware::::::::
wago	touch_panel_600_advanced	-	cpe:2.3:h:wago:touch_panel_600_advanced:-:::::::*
wago	touch_panel_600_advanced_firmware	*	cpe:2.3:o:wago:touch_panel_600_advanced_firmware::::::::