First published: Mon Nov 20 2023
The web-based management of multiple Wago products has a vulnerability that allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Wago Compact Controller 100 Firmware | <=25 | |
Wago Compact Controller 100 | | |
All of | | |
Wago Edge Controller Firmware | <=25 | |
Wago Edge Controller | | |
All of | | |
Any of | | |
WAGO PFC100 Firmware | <22 | |
WAGO PFC100 Firmware | =22 | |
WAGO PFC100 Firmware | =22-patch_1 | |
WAGO PFC100 | | |
All of | | |
Any of | | |
WAGO PFC200 Firmware | <22 | |
WAGO PFC200 Firmware | =22 | |
WAGO PFC200 Firmware | =22-patch_1 | |
WAGO PFC200 Firmware | =23 | |
WAGO PFC200 Firmware | =24 | |
WAGO PFC200 | | |
All of | | |
Wago Touch Panel 600 Advanced Firmware | <=25 | |
Wago Touch Panel 600 Advanced | | |
All of | | |
Wago Touch Panel 600 Marine Firmware | <=25 | |
Wago Touch Panel 600 Marine | | |
All of | | |
Wago Touch Panel 600 Standard Firmware | <=25 | |
Wago Touch Panel 600 Standard | | |
CVE-2023-3379 is a vulnerability in Wago web-based management that allows a local authenticated attacker to change the passwords of other non-admin users and escalate privileges.
The Wago Compact Controller 100 Firmware (up to version 25), Wago Edge Controller Firmware (up to version 25), WAGO PFC100 Firmware (up to version 22), WAGO PFC200 Firmware (up to version 22), Wago Touch Panel 600 Advanced Firmware (up to version 25), Wago Touch Panel 600 Marine Firmware (up to version 25), and Wago Touch Panel 600 Standard Firmware (up to version 25) are affected.
CVE-2023-3379 has a severity rating of 5.3 (medium).
To fix CVE-2023-3379, users should update their firmware to the latest version provided by Wago and ensure proper privilege management.
More information about CVE-2023-3379 can be found on the VDE CERT website at the following link: [VDE-2023-015](https://cert.vde.com/en/advisories/VDE-2023-015/).