History: Nov 20, 2023 - 8:15 a.m.

CVE-2023-3379

2023-11-20 08:15:44
CWE-269
web.nvd.nist.gov
Tags: cve-2023-3379, wago, web-based, management, vulnerability, password change, escalation, authenticated attacker

CVSS3: 5.3 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 5.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus escalate non-root privileges.

Affected configurations

NVD

Node
wago compact_controller_100_firmware Range 25
AND
wago compact_controller_100 Match -

Node
wago edge_controller_firmware Range 25
AND
wago edge_controller Match -

Node
wago pfc100_firmware Range <22
OR
wago pfc100_firmware Match 22 -
OR
wago pfc100_firmware Match 22 patch_1
AND
wago pfc100 Match -

Node
wago pfc200_firmware Range <22
OR
wago pfc200_firmware Match 22 -
OR
wago pfc200_firmware Match 22 patch_1
OR
wago pfc200_firmware Match 23
OR
wago pfc200_firmware Match 24
AND
wago pfc200 Match -

Node
wago touch_panel_600_advanced_firmware Range 25
AND
wago touch_panel_600_advanced Match -

Node
wago touch_panel_600_marine_firmware Range 25
AND
wago touch_panel_600_marine Match -

Node
wago touch_panel_600_standard_firmware Range 25
AND
wago touch_panel_600_standard Match -

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Compact Controller 100 (751-9301)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC100 (750-810x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-820x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PFC200 (750-821x/xxx-xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW22 Patch 1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Advanced Line (762-5xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Marine Line (762-6xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Touch Panel 600 Standard Line (762-4xxx)",
    "vendor": "WAGO",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Edge Controller (752-8303/8000-002)",
    "vendor": "Wago",
    "versions": [
      {
        "lessThanOrEqual": "FW25",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
