Severity: 2.7
CWE: 610

CVE-2023-4089: WAGO: Multiple products vulnerable to local file inclusion

First published: Tue Oct 17 2023

On affected Wago products, a remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion. This access is logged in a different log file than expected.

Credit: info@cert.vde.com

| Affected Software (all of) | Affected Version | How to fix |
|---|---|---|
| Wago Compact Controller 100 Firmware, Wago Compact Controller 100 | >=19, <=26 | |
| Wago Edge Controller Firmware, Wago Edge Controller | >=18, <=26 | |
| WAGO PFC100 Firmware, WAGO PFC100 | >=16, <=26 | |
| WAGO PFC200 Firmware, WAGO PFC200 | >=16, <=26 | |
| Wago Touch Panel 600 Advanced Firmware, Wago Touch Panel 600 Advanced | >=16, <=26 | |
| Wago Touch Panel 600 Marine Firmware, Wago Touch Panel 600 Marine | >=16, <=26 | |
| Wago Touch Panel 600 Standard Firmware, Wago Touch Panel 600 Standard | >=16, <=26 | |


Frequently Asked Questions

  • What is the vulnerability ID of this issue?

    The vulnerability ID of this issue is CVE-2023-4089.

  • What is the severity of CVE-2023-4089?

    CVE-2023-4089 has a severity value of 2.7 (low).

  • Which Wago products are affected by CVE-2023-4089?

    The affected Wago products are: Wago Compact Controller 100 Firmware (versions 19 to 26), Wago Edge Controller Firmware (versions 18 to 26), WAGO PFC100 Firmware (versions 16 to 26), WAGO PFC200 Firmware (versions 16 to 26), Wago Touch Panel 600 Advanced Firmware (versions 16 to 26), Wago Touch Panel 600 Marine Firmware (versions 16 to 26), and Wago Touch Panel 600 Standard Firmware (versions 16 to 26).

  • What can a remote attacker with administrative privileges do with CVE-2023-4089?

    A remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion.

  • How is the unauthorized access logged in CVE-2023-4089?

    The unauthorized access is logged in a different log file than expected.
