CVE-2023-4089

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Published: Oct 17, 2023
Updated: Oct 18, 2023
CVE: CVE-2023-4089
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-610

Affected Software
References

Software	From	Fixed in
wago / compact_controller_100_firmware	19	26.x
wago / edge_controller_firmware	18	26.x
wago / pfc100_firmware	16	26.x
wago / pfc200_firmware	16	26.x
wago / touch_panel_600_advanced_firmware	16	26.x
wago / touch_panel_600_marine_firmware	16	26.x
wago / touch_panel_600_standard_firmware	16	26.x

https://cert.vde.com/en/advisories/VDE-2023-046/

Vulnerability Database

289,782

CVE-2023-4089