Sign-up

ID

VAR-202311-1670


CVE

CVE-2023-3379


TITLE

plural  WAGO  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-018600

DESCRIPTION

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. compact controller 100 firmware, Edge Controller firmware, PFC100 firmware etc. WAGO There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-3379 // JVNDB: JVNDB-2023-018600 // VULMON: CVE-2023-3379

AFFECTED PRODUCTS

vendor:wagomodel:pfc100scope:ltversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:eqversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:ltversion:22

Trust: 1.0

vendor:wagomodel:pfc200scope:eqversion:24

Trust: 1.0

vendor:wagomodel:touch panel 600 advancedscope:lteversion:25

Trust: 1.0

vendor:wagomodel:pfc100scope:eqversion:22

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope:lteversion:25

Trust: 1.0

vendor:wagomodel:compact controller 100scope:lteversion:25

Trust: 1.0

vendor:wagomodel:edge controllerscope:lteversion:25

Trust: 1.0

vendor:wagomodel:touch panel 600 standardscope:lteversion:25

Trust: 1.0

vendor:wagomodel:pfc200scope:eqversion:23

Trust: 1.0

vendor:wagomodel:touch panel 600 marinescope: - version: -

Trust: 0.8

vendor:wagomodel:touch panel 600 standardscope: - version: -

Trust: 0.8

vendor:wagomodel:edge controllerscope: - version: -

Trust: 0.8

vendor:wagomodel:pfc100scope: - version: -

Trust: 0.8

vendor:wagomodel:pfc200scope: - version: -

Trust: 0.8

vendor:wagomodel:touch panel 600 advancedscope: - version: -

Trust: 0.8

vendor:wagomodel:compact controller 100scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-018600 // NVD: CVE-2023-3379

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com: CVE-2023-3379
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-018600
value: MEDIUM

Trust: 0.8

info@cert.vde.com: CVE-2023-3379
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-018600
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-018600 // NVD: CVE-2023-3379

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-018600 // NVD: CVE-2023-3379

EXTERNAL IDS

db:NVDid:CVE-2023-3379

Trust: 2.7

db:CERT@VDEid:VDE-2023-015

Trust: 1.9

db:JVNDBid:JVNDB-2023-018600

Trust: 0.8

db:VULMONid:CVE-2023-3379

Trust: 0.1

sources: VULMON: CVE-2023-3379 // JVNDB: JVNDB-2023-018600 // NVD: CVE-2023-3379

REFERENCES

url:https://cert.vde.com/en/advisories/vde-2023-015/

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-3379

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-3379 // JVNDB: JVNDB-2023-018600 // NVD: CVE-2023-3379

SOURCES

db:VULMONid:CVE-2023-3379
db:JVNDBid:JVNDB-2023-018600
db:NVDid:CVE-2023-3379

LAST UPDATE DATE

2024-10-02T23:21:20.711000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-3379date:2023-11-20T00:00:00
db:JVNDBid:JVNDB-2023-018600date:2024-01-11T07:25:00
db:NVDid:CVE-2023-3379date:2024-10-02T06:15:08.453

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-3379date:2023-11-20T00:00:00
db:JVNDBid:JVNDB-2023-018600date:2024-01-11T00:00:00
db:NVDid:CVE-2023-3379date:2023-11-20T08:15:44.280