CVE-2023-4089

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CERTVDECNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
wagocompact_controller_100_firmware
19 ≤
𝑥
≤ 26
wagoedge_controller_firmware
18 ≤
𝑥
≤ 26
wagopfc100_firmware
16 ≤
𝑥
≤ 26
wagopfc200_firmware
16 ≤
𝑥
≤ 26
wagotouch_panel_600_advanced_firmware
16 ≤
𝑥
≤ 26
wagotouch_panel_600_marine_firmware
16 ≤
𝑥
≤ 26
wagotouch_panel_600_standard_firmware
16 ≤
𝑥
≤ 26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2023-046/
https://cert.vde.com/en/advisories/VDE-2023-046/