VDE-2023-046
Vulnerability from csaf_wagogmbhcokg - Published: 2023-10-23 10:00 - Updated: 2025-04-28 10:00
Summary
WAGO: Multiple products vulnerable to local file inclusion
Notes
Summary: An attacker with administrative privileges who can already access sensitive files can additionally access them in an unintended, undocumented way.
Impact: The user might not notice that files are accessed.
Remediation: We recommend that all affected users update to the fixed firmware versions.
Mitigation: As general security measures, WAGO strongly recommends:
1. Use general security best practices to protect systems from local and network
attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
An attacker with administrative privileges can access files to which they already have access over the web server in an unintended, undocumented way. The access is logged in a different log file.
The user might not notice that files are accessed.
As general security measures, WAGO strongly recommends: 1. Use general security best practices to protect systems from local and network attacks. 2. Do not allow direct access to the device from untrusted networks. 3. Update to the latest firmware according to the table in chapter solutions.
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Vendor Fix
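Update to Firmware 4.7.1 (FW29), Firmware 03.10.11 (FW22 Patch 2). For the latest Custom Firmware, please contact WAGO support. According to the product tree in the CSAF document below, 03.10.11 (FW22 Patch 2) is the fixed release for PFC100 G1 and PFC200 G1, and 04.07.01 (FW29) is the fixed release for the other listed hardware.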
References
Acknowledgments
CERT@VDE
Radboud University
Floris Hendriks
Jeroen Wijenbergh
Sopra Steria Red Team
Alwin Warringa
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"names": [
"Floris Hendriks",
"Jeroen Wijenbergh"
],
"organization": "Radboud University",
"summary": "reporting"
},
{
"names": [
"Alwin Warringa"
],
"organization": "Sopra Steria Red Team",
"summary": "re-reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "An attacker with administrative privileges who can already access sensitive files can additionally access them in an unintended, undocumented way.",
"title": "Summary"
},
{
"category": "description",
"text": "The user might not notice that files are accessed. ",
"title": "Impact"
},
{
"category": "description",
"text": "We recommend that all affected users update to the fixed firmware versions.",
"title": "Remediation"
},
{
"category": "description",
"text": "As general security measures, WAGO strongly recommends:\n1. Use general security best practices to protect systems from local and network\nattacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "WAGO PSIRT",
"url": "https://www.wago.com/de-en/automation-technology/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2023-046: WAGO: Multiple products vulnerable to local file inclusion - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-046"
},
{
"category": "self",
"summary": "VDE-2023-046: WAGO: Multiple products vulnerable to local file inclusion - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-046.json"
}
],
"title": "WAGO: Multiple products vulnerable to local file inclusion",
"tracking": {
"aliases": [
"VDE-2023-046"
],
"current_release_date": "2025-04-28T10:00:00.000Z",
"generator": {
"date": "2025-04-25T06:06:41.550Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2023-046",
"initial_release_date": "2023-10-23T10:00:00.000Z",
"revision_history": [
{
"date": "2023-10-23T10:00:00.000Z",
"number": "1",
"summary": "Final document."
},
{
"date": "2025-04-28T10:00:00.000Z",
"number": "2",
"summary": "The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "0751-9x01",
"product": {
"name": "WAGO CC100 0751-9x01",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"0751-9?01"
]
}
}
}
],
"category": "product_family",
"name": "CC100"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-810x/xxxx-xxxx",
"product": {
"name": "WAGO PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"0750-810?/????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC100 G1"
},
{
"branches": [
{
"category": "product_name",
"name": "0750-811x-xxxx-xxxx",
"product": {
"name": "WAGO PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"0750-811?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC100 G2"
},
{
"branches": [
{
"category": "product_name",
"name": "750-820x-xxx-xxx",
"product": {
"name": "WAGO PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
" 750-820?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC200 G1"
},
{
"branches": [
{
"category": "product_name",
"name": "750-821x-xxx-xxx",
"product": {
"name": "WAGO PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"750-821?-????-????"
]
}
}
}
],
"category": "product_family",
"name": "PFC200 G2"
},
{
"branches": [
{
"category": "product_name",
"name": "0762-420x/8000-000x",
"product": {
"name": "WAGO TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"0762-420?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-430x/8000-000x",
"product": {
"name": "WAGO TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"0762-430?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-520x/8000-000x",
"product": {
"name": "WAGO TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"0762-520?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-530x/8000-000x",
"product": {
"name": "WAGO TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"0762-530?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-620x/8000-000x",
"product": {
"name": "WAGO TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"0762-620?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "0762-630x/8000-000x",
"product": {
"name": "WAGO TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"0762-630?/8000-000?"
]
}
}
}
],
"category": "product_family",
"name": "TP600"
},
{
"branches": [
{
"category": "product_name",
"name": "0752-8303/8000-0002",
"product": {
"name": "WAGO Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"0752-8303/8000-0002"
]
}
}
}
],
"category": "product_family",
"name": "Edge Controller"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "03.07.14\u003c04.07.01",
"product": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_name",
"name": "04.07.01",
"product": {
"name": "WAGO Firmware 04.07.01 (FW29)",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "03.07.14\u003c03.10.11",
"product": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c03.10.11 (FW22 Patch 2)",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "03.10.11",
"product": {
"name": "WAGO Firmware 03.10.11 (FW22 Patch 2)",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version_range",
"name": "\u003c04.07.01 (70)",
"product": {
"name": "Custom Firmware \u003c04.07.01 (70)",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version",
"name": "04.07.01 (70)",
"product": {
"name": "Custom Firmware 04.07.01 (70)",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version_range",
"name": "\u003c03.10.11 (70)",
"product": {
"name": "Custom Firmware \u003c03.10.11 (70)",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "03.10.11 (70)",
"product": {
"name": "Custom Firmware 03.10.11 (70)",
"product_id": "CSAFPID-22004"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO CC100 0751-9x01",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c03.10.11 (FW22 Patch 2) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c03.10.11 (FW22 Patch 2) installed on WAGO PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.07.14 (FW19)\u003c04.07.01 (FW29) installed on WAGO Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO CC100 0751-9x01",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.10.11 (FW22 Patch 2) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 03.10.11 (FW22 Patch 2) installed on WAGO PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "WAGO Firmware 04.07.01 (FW29) installed on WAGO Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO CC100 0751-9x01",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c03.10.11 (70) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c03.10.11 (70) installed on WAGO PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware \u003c04.07.01 (70) installed on WAGO Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO CC100 0751-9x01",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 03.10.11 (70) installed on WAGO PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 03.10.11 (70) installed on WAGO PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Custom Firmware 04.07.01 (70) installed on WAGO Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11012"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4089",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "description",
"text": "An attacker with administrative privileges can access files to which they already have access over the web server in an unintended, undocumented way. The access is logged in a different log file.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "The user might not notice that files are accessed. ",
"title": "Impact"
},
{
"category": "description",
"text": "As general security measures, WAGO strongly recommends:\n1. Use general security best practices to protect systems from local and network\nattacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.",
"title": "Mitigation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024"
]
},
"references": [
{
"category": "self",
"summary": "VDE-2023-046: Vulnerability to local file inclusion",
"url": "https://certvde.com/en/advisories/VDE-2023-046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to Firmware 4.7.1 (FW29), Firmware 03.10.11 (FW22 Patch 2). For the latest Custom Firmware, please contact the WAGO support.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 2.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024"
]
}
],
"title": "CVE-2023-4089"
}
]
}