Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-015/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
30 Nov 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Wago edge Controller
Wago touch Panel 600 Marine Firmware Wago touch Panel 600 Advanced Firmware Wago Wago compact Controller 100 Wago pfc100 Firmware Wago pfc200 Firmware Wago touch Panel 600 Advanced Wago touch Panel 600 Standard Firmware Wago touch Panel 600 Marine Wago edge Controller Firmware Wago touch Panel 600 Standard Wago pfc100 Wago compact Controller 100 Firmware Wago pfc200 |
|
References | () https://cert.vde.com/en/advisories/VDE-2023-015/ - Third Party Advisory | |
CPE | cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:* cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:* |
20 Nov 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 08:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-3379
Mitre link : CVE-2023-3379
CVE.ORG link : CVE-2023-3379
JSON object : View
Products Affected
wago
- pfc100
- edge_controller
- touch_panel_600_advanced_firmware
- touch_panel_600_marine_firmware
- touch_panel_600_marine
- pfc100_firmware
- touch_panel_600_standard_firmware
- pfc200_firmware
- compact_controller_100
- touch_panel_600_standard
- pfc200
- edge_controller_firmware
- touch_panel_600_advanced
- compact_controller_100_firmware
CWE