Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-015/ | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2023-015/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
21 Nov 2024, 08:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.vde.com/en/advisories/VDE-2023-015/ - Third Party Advisory |
02 Oct 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
30 Nov 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.vde.com/en/advisories/VDE-2023-015/ - Third Party Advisory | |
CPE | cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:* cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:* cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:* cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:* |
|
First Time |
Wago touch Panel 600 Standard Firmware
Wago pfc200 Wago touch Panel 600 Advanced Wago pfc100 Firmware Wago touch Panel 600 Marine Firmware Wago compact Controller 100 Wago compact Controller 100 Firmware Wago pfc200 Firmware Wago touch Panel 600 Advanced Firmware Wago Wago touch Panel 600 Marine Wago pfc100 Wago edge Controller Firmware Wago edge Controller Wago touch Panel 600 Standard |
|
CWE | NVD-CWE-noinfo |
20 Nov 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 08:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3379
Mitre link : CVE-2023-3379
CVE.ORG link : CVE-2023-3379
JSON object : View
Products Affected
wago
- compact_controller_100_firmware
- compact_controller_100
- pfc200
- touch_panel_600_standard_firmware
- pfc200_firmware
- touch_panel_600_marine_firmware
- edge_controller_firmware
- pfc100_firmware
- touch_panel_600_marine
- touch_panel_600_advanced_firmware
- edge_controller
- touch_panel_600_advanced
- touch_panel_600_standard
- pfc100
CWE