CVE-2023-4089

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-046/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*

History

24 Oct 2023, 18:00

Type Values Removed Values Added
CPE cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-046/ - (MISC) https://cert.vde.com/en/advisories/VDE-2023-046/ - Third Party Advisory
First Time Wago edge Controller Firmware
Wago edge Controller
Wago touch Panel 600 Standard Firmware
Wago pfc100 Firmware
Wago compact Controller 100 Firmware
Wago
Wago pfc200
Wago touch Panel 600 Standard
Wago compact Controller 100
Wago touch Panel 600 Marine Firmware
Wago pfc200 Firmware
Wago touch Panel 600 Advanced Firmware
Wago touch Panel 600 Marine
Wago touch Panel 600 Advanced
Wago pfc100

17 Oct 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-17 07:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4089

Mitre link : CVE-2023-4089

CVE.ORG link : CVE-2023-4089


JSON object : View

Products Affected

wago

  • pfc200
  • pfc200_firmware
  • touch_panel_600_marine
  • touch_panel_600_standard_firmware
  • touch_panel_600_advanced
  • pfc100_firmware
  • edge_controller
  • compact_controller_100
  • edge_controller_firmware
  • pfc100
  • touch_panel_600_standard
  • touch_panel_600_advanced_firmware
  • touch_panel_600_marine_firmware
  • compact_controller_100_firmware
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere