Vulnerability Description
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | Compact Controller 100 Firmware | <= 25 |
| Wago | Compact Controller 100 | - |
| Wago | Edge Controller Firmware | <= 25 |
| Wago | Edge Controller | - |
| Wago | Pfc100 Firmware | < 22 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | < 22 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | <= 25 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | <= 25 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | <= 25 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-015/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-015/Third Party Advisory
FAQ
What is CVE-2023-3379?
CVE-2023-3379 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileg...
How severe is CVE-2023-3379?
CVE-2023-3379 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3379?
Check the references section above for vendor advisories and patch information. Affected products include: Wago Compact Controller 100 Firmware, Wago Compact Controller 100, Wago Edge Controller Firmware, Wago Edge Controller, Wago Pfc100 Firmware.