Remote Project Enumeration Vulnerability in Wago Smart Designer
CVE-2023-5872

4.3MEDIUM

Key Information:

Vendor: Wago
Status: Smart Designer
Vendor: CVE Published:; 16 April 2026

What is CVE-2023-5872?

In Wago Smart Designer versions up to 2.33.1, a vulnerability exists that allows a remote attacker with low privileges to enumerate projects and usernames. This can be accomplished through repeated requests to a specific endpoint, potentially exposing sensitive information and compromising system integrity.

Affected Version(s)

Smart Designer 0.0.0 <= 2.33.1

References

https://certvde.com/de/advisories/VDE-2023-045

https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Oct 31, 2023

Credit

Brett Dewall from White Oak Security

CVE-2023-5872 Data

JSON