CVE-2023-3379

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

CVSS

No CVSS.

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-015/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:wago:pfc100_firmware::::::::
	cpe:2.3:o:wago:pfc100_firmware:22:patch_1::::::
	cpe:2.3:o:wago:pfc100_firmware:22:-::::::

cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:wago:pfc200_firmware::::::::
	cpe:2.3:o:wago:pfc200_firmware:22:patch_1::::::
	cpe:2.3:o:wago:pfc200_firmware:22:-::::::
	cpe:2.3:o:wago:pfc200_firmware:23:::::::*
	cpe:2.3:o:wago:pfc200_firmware:24:::::::*

cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*

Information

Published : 2023-11-20 08:15

Updated : 2023-11-30 15:16

NVD link : CVE-2023-3379

Mitre link : CVE-2023-3379

JSON object : View

Products Affected

wago

edge_controller
compact_controller_100_firmware
touch_panel_600_advanced_firmware
compact_controller_100
pfc100
pfc200
edge_controller_firmware
touch_panel_600_advanced
touch_panel_600_standard_firmware
pfc100_firmware
touch_panel_600_marine
pfc200_firmware
touch_panel_600_marine_firmware
touch_panel_600_standard

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-015/", "name": "https://cert.vde.com/en/advisories/VDE-2023-015/", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-3379", "ASSIGNER": "info@cert.vde.com"}}, "impact": {}, "publishedDate": "2023-11-20T08:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "25"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "25"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "22"}, {"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:patch_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:wago:pfc100_firmware:22:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "22"}, {"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:patch_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:22:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:wago:pfc200_firmware:24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "25"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "25"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "25"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-11-30T15:16Z"}