CVE-2023-3379
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Compact Controller 100 (751-9301) | 0 <= FW25 | affected |
| WAGO | PFC100 (750-810x/xxx-xxx) | 0 <= FW22 Patch 1 | affected |
| WAGO | PFC200 (750-820x/xxx-xxx) | 0 <= FW25 | affected |
| WAGO | PFC200 (750-821x/xxx-xxx) | 0 <= FW22 Patch 1 | affected |
| WAGO | Touch Panel 600 Advanced Line (762-5xxx) | 0 <= FW25 | affected |
| WAGO | Touch Panel 600 Marine Line (762-6xxx) | 0 <= FW25 | affected |
| WAGO | Touch Panel 600 Standard Line (762-4xxx) | 0 <= FW25 | affected |
| Wago | Edge Controller (752-8303/8000-002) | 0 <= FW25 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.