CVE-2023-4089

Published Oct 17, 2023

Last updated a year ago

CVSS low 2.7

Overview

Description: On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

info@cert.vde.com: CWE-610

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A495C583-8184-45A5-81E9-E621A58B7E51",
            "versionEndIncluding": "26",
            "versionStartIncluding": "19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85625EA0-E44C-4A48-BA05-5D506CFDB678",
            "versionEndIncluding": "26",
            "versionStartIncluding": "18"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E5D5929-675F-493C-B3AF-70C7C79D3CEB",
            "versionEndIncluding": "26",
            "versionStartIncluding": "16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F73AE30-E917-433E-BB67-CA383FCDDAFC",
            "versionEndIncluding": "26",
            "versionStartIncluding": "16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DA3F602-1720-4B4B-A834-BD620D9B1F54",
            "versionEndIncluding": "26",
            "versionStartIncluding": "16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1FED163-F917-4CBC-83DA-D4D751C9121B",
            "versionEndIncluding": "26",
            "versionStartIncluding": "16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F0C3C2-DE57-4134-AC3C-3D000A33528A",
            "versionEndIncluding": "26",
            "versionStartIncluding": "16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References