Details of VAR-202310-0385

ID

VAR-202310-0385

CVE

CVE-2023-4089

TITLE

plural WAGO Vulnerability of external controllable references to other domain resources in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-007590

DESCRIPTION

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. WAGO The following vulnerabilities exist in multiple products provided by . * Externally controllable reference to another region resource (CWE-610) - CVE-2023-4089If the vulnerability is exploited, it may be affected as follows

Trust: 1.71

sources: NVD: CVE-2023-4089 // JVNDB: JVNDB-2023-007590 // VULMON: CVE-2023-4089

AFFECTED PRODUCTS

vendor:	wago	model:	pfc200	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	touch panel 600 advanced	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	touch panel 600 advanced	scope:	gte	version:	16	Trust: 1.0
vendor:	wago	model:	touch panel 600 standard	scope:	gte	version:	16	Trust: 1.0
vendor:	wago	model:	touch panel 600 standard	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	touch panel 600 marine	scope:	gte	version:	16	Trust: 1.0
vendor:	wago	model:	pfc100	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	compact controller 100	scope:	gte	version:	19	Trust: 1.0
vendor:	wago	model:	edge controller	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	pfc100	scope:	gte	version:	16	Trust: 1.0
vendor:	wago	model:	edge controller	scope:	gte	version:	18	Trust: 1.0
vendor:	wago	model:	compact controller 100	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	pfc200	scope:	gte	version:	16	Trust: 1.0
vendor:	wago	model:	touch panel 600 marine	scope:	lte	version:	26	Trust: 1.0
vendor:	wago	model:	edge controller	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	touch panel 600 advanced	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	touch panel 600 standard	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	pfc200	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	compact controller cc100	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	touch panel 600 marine	scope:	-	version:	-	Trust: 0.8
vendor:	wago	model:	pfc100	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-007590 // NVD: CVE-2023-4089

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2023-4089
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2023-007590
value:	LOW
Trust: 0.8

info@cert.vde.com:	CVE-2023-4089
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-007590
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-007590 // NVD: CVE-2023-4089

PROBLEMTYPE DATA

problemtype:	CWE-610	Trust: 1.0
problemtype:	Externally controllable reference to another region resource (CWE-610) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-007590 // NVD: CVE-2023-4089

PATCH

title:

WAGO Global | Reliable Solutions for Many Sectors and Industories

url:

https://www.wago.com/global/

Trust: 0.8

sources: JVNDB: JVNDB-2023-007590

EXTERNAL IDS

db:	NVD	id:	CVE-2023-4089	Trust: 2.7
db:	CERT@VDE	id:	VDE-2023-046	Trust: 1.9
db:	JVN	id:	JVNVU96020889	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-325-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-007590	Trust: 0.8
db:	VULMON	id:	CVE-2023-4089	Trust: 0.1

sources: VULMON: CVE-2023-4089 // JVNDB: JVNDB-2023-007590 // NVD: CVE-2023-4089

REFERENCES

url:	https://cert.vde.com/en/advisories/vde-2023-046/	Trust: 1.1
url:	http://jvn.jp/vu/jvnvu96020889/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-4089	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-01	Trust: 0.8
url:	https://cert.vde.com/de/advisories/vde-2023-046/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/610.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-4089 // JVNDB: JVNDB-2023-007590 // NVD: CVE-2023-4089

SOURCES

db:	VULMON	id:	CVE-2023-4089
db:	JVNDB	id:	JVNDB-2023-007590
db:	NVD	id:	CVE-2023-4089

LAST UPDATE DATE

2024-08-14T13:19:43.329000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-4089	date:	2023-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2023-007590	date:	2023-11-24T04:24:00
db:	NVD	id:	CVE-2023-4089	date:	2023-10-24T18:00:38.507

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-4089	date:	2023-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2023-007590	date:	2023-11-24T00:00:00
db:	NVD	id:	CVE-2023-4089	date:	2023-10-17T07:15:10.090