QwikSec

Security Database

CVE

CWE

Training

CVE-2023-3379

Published: Nov 20, 2023

Modified: Oct 2, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

Vendor	Product	Versions
WAGO	Compact Controller 100 (751-9301)	affected `0 - <= FW25`
WAGO	PFC100 (750-810x/xxx-xxx)	affected `0 - <= FW22 Patch 1`
WAGO	PFC200 (750-820x/xxx-xxx)	affected `0 - <= FW25`
WAGO	PFC200 (750-821x/xxx-xxx)	affected `0 - <= FW22 Patch 1`
WAGO	Touch Panel 600 Advanced Line (762-5xxx)	affected `0 - <= FW25`
WAGO	Touch Panel 600 Marine Line (762-6xxx)	affected `0 - <= FW25`
WAGO	Touch Panel 600 Standard Line (762-4xxx)	affected `0 - <= FW25`
Wago	Edge Controller (752-8303/8000-002)	affected `0 - <= FW25`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://cert.vde.com/en/advisories/VDE-2023-015/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.