CVE-2023-4089

Summary

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100FW19 <= FW26affected
WAGOEdge ControllerFW18 <= FW26affected
WAGOPFC100FW16 <= FW26affected
WAGOPFC200FW16 <= FW26affected
WAGOTouch Panel 600 Advanced LineFW16 <= FW26affected
WAGOTouch Panel 600 Marine LineFW16 <= FW26affected
WAGOTouch Panel 600 Standard LineFW16 <= FW26affected

Weaknesses

  • CWE-610: CWE-610 Externally Controlled Reference to a Resource in Another Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References