CVE-2023-4089
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Compact Controller CC100 | FW19 <= FW26 | affected |
| WAGO | Edge Controller | FW18 <= FW26 | affected |
| WAGO | PFC100 | FW16 <= FW26 | affected |
| WAGO | PFC200 | FW16 <= FW26 | affected |
| WAGO | Touch Panel 600 Advanced Line | FW16 <= FW26 | affected |
| WAGO | Touch Panel 600 Marine Line | FW16 <= FW26 | affected |
| WAGO | Touch Panel 600 Standard Line | FW16 <= FW26 | affected |
Weaknesses
- CWE-610: CWE-610 Externally Controlled Reference to a Resource in Another Sphere
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.