WAGO: Multiple products vulnerable to local file inclusion
CVE-2023-4089

2.7LOW

Key Information:

Vendor
Wago
Status
Compact Controller Cc100
Edge Controller
Pfc100
Pfc200
Vendor
CVE Published:
17 October 2023

Summary

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Affected Version(s)

Compact Controller CC100 FW19

Edge Controller FW18

PFC100 FW16

References

https://cert.vde.com/en/advisories/VDE-2023-046/

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Floris Hendriks and Jeroen Wijenbergh from Radboud University
.
CVE-2023-4089 : WAGO: Multiple products vulnerable to local file inclusion | SecurityVulnerability.io