CVE-2023-3379: WAGO: Improper Privilege Management in web-based management
First published: Mon Nov 20 2023(Updated: )
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Wago Compact Controller 100 Firmware | <=25 | |
| Wago Compact Controller 100 | ||
| All of | ||
| Wago Edge Controller Firmware | <=25 | |
| Wago Edge Controller | ||
| All of | ||
| Any of | ||
| WAGO PFC100 Firmware | <22 | |
| WAGO PFC100 Firmware | =22 | |
| WAGO PFC100 Firmware | =22-patch_1 | |
| WAGO PFC100 | ||
| All of | ||
| Any of | ||
| WAGO PFC200 Firmware | <22 | |
| WAGO PFC200 Firmware | =22 | |
| WAGO PFC200 Firmware | =22-patch_1 | |
| WAGO PFC200 Firmware | =23 | |
| WAGO PFC200 Firmware | =24 | |
| WAGO PFC200 | ||
| All of | ||
| Wago Touch Panel 600 Advanced Firmware | <=25 | |
| Wago Touch Panel 600 Advanced | ||
| All of | ||
| Wago Touch Panel 600 Marine Firmware | <=25 | |
| Wago Touch Panel 600 Marine | ||
| All of | ||
| Wago Touch Panel 600 Standard Firmware | <=25 | |
| Wago Touch Panel 600 Standard |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3379?
CVE-2023-3379 is a vulnerability in Wago web-based management that allows a local authenticated attacker to change the passwords of other non-admin users and escalate privileges.
Which products are affected by CVE-2023-3379?
The Wago Compact Controller 100 Firmware (up to version 25), Wago Edge Controller Firmware (up to version 25), WAGO PFC100 Firmware (up to version 22), WAGO PFC200 Firmware (up to version 22), Wago Touch Panel 600 Advanced Firmware (up to version 25), Wago Touch Panel 600 Marine Firmware (up to version 25), and Wago Touch Panel 600 Standard Firmware (up to version 25) are affected.
What is the severity of CVE-2023-3379?
CVE-2023-3379 has a severity rating of 5.3 (medium).
How can I fix CVE-2023-3379?
To fix CVE-2023-3379, users should update their firmware to the latest version provided by Wago and ensure proper privilege management.
Where can I find more information about CVE-2023-3379?
More information about CVE-2023-3379 can be found on the VDE CERT website at the following link: [VDE-2023-015](https://cert.vde.com/en/advisories/VDE-2023-015/).
- collector/mitre-cve
- collector/nvd-api
- vendor/wago
- canonical/wago compact controller 100 firmware
- version/wago compact controller 100 firmware/25
- canonical/wago compact controller 100
- canonical/wago edge controller firmware
- version/wago edge controller firmware/25
- canonical/wago edge controller
- canonical/wago pfc100 firmware
- version/wago pfc100 firmware/22
- version/wago pfc100 firmware/22-patch_1
- canonical/wago pfc100
- canonical/wago pfc200 firmware
- version/wago pfc200 firmware/22
- version/wago pfc200 firmware/22-patch_1
- version/wago pfc200 firmware/23
- version/wago pfc200 firmware/24
- canonical/wago pfc200
- canonical/wago touch panel 600 advanced firmware
- version/wago touch panel 600 advanced firmware/25
- canonical/wago touch panel 600 advanced
- canonical/wago touch panel 600 marine firmware
- version/wago touch panel 600 marine firmware/25
- canonical/wago touch panel 600 marine
- canonical/wago touch panel 600 standard firmware
- version/wago touch panel 600 standard firmware/25
- canonical/wago touch panel 600 standard