CVE-2023-3379

Summary

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller 100 (751-9301)0 <= FW25affected
WAGOPFC100 (750-810x/xxx-xxx)0 <= FW22 Patch 1affected
WAGOPFC200 (750-820x/xxx-xxx)0 <= FW25affected
WAGOPFC200 (750-821x/xxx-xxx)0 <= FW22 Patch 1affected
WAGOTouch Panel 600 Advanced Line (762-5xxx)0 <= FW25affected
WAGOTouch Panel 600 Marine Line (762-6xxx)0 <= FW25affected
WAGOTouch Panel 600 Standard Line (762-4xxx)0 <= FW25affected
WagoEdge Controller (752-8303/8000-002)0 <= FW25affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References