CVE-2023-3379

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

Published: Nov 20, 2023
Updated: Dec 8, 2023
CVE: CVE-2023-3379
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
wago / compact_controller_100_firmware	-	25.x
wago / edge_controller_firmware	-	25.x
wago / pfc100_firmware	-	22
wago / pfc100_firmware	22-patch_1	22-patch_1.x
wago / pfc100_firmware	22	22.x
wago / pfc200_firmware	-	22
wago / pfc200_firmware	22-patch_1	22-patch_1.x
wago / pfc200_firmware	22	22.x
wago / pfc200_firmware	23	23.x
wago / pfc200_firmware	24	24.x
wago / touch_panel_600_advanced_firmware	-	25.x
wago / touch_panel_600_marine_firmware	-	25.x
wago / touch_panel_600_standard_firmware	-	25.x

https://cert.vde.com/en/advisories/VDE-2023-015/

Vulnerability Database

289,784

CVE-2023-3379