Vulnerability Description
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | Compact Controller 100 Firmware | >= 19, <= 26 |
| Wago | Compact Controller 100 | - |
| Wago | Edge Controller Firmware | >= 18, <= 26 |
| Wago | Edge Controller | - |
| Wago | Pfc100 Firmware | >= 16, <= 26 |
| Wago | Pfc100 | - |
| Wago | Pfc200 Firmware | >= 16, <= 26 |
| Wago | Pfc200 | - |
| Wago | Touch Panel 600 Advanced Firmware | >= 16, <= 26 |
| Wago | Touch Panel 600 Advanced | - |
| Wago | Touch Panel 600 Marine Firmware | >= 16, <= 26 |
| Wago | Touch Panel 600 Marine | - |
| Wago | Touch Panel 600 Standard Firmware | >= 16, <= 26 |
| Wago | Touch Panel 600 Standard | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-046/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-046/Third Party Advisory
FAQ
What is CVE-2023-4089?
CVE-2023-4089 is a vulnerability with a CVSS score of 2.7 (LOW). On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a ...
How severe is CVE-2023-4089?
CVE-2023-4089 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4089?
Check the references section above for vendor advisories and patch information. Affected products include: Wago Compact Controller 100 Firmware, Wago Compact Controller 100, Wago Edge Controller Firmware, Wago Edge Controller, Wago Pfc100 Firmware.