cbcvebase.
CVE-2023-3379
published 2023-11-20

CVE-2023-3379: Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin…

medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

Affected

18 ranges
VendorProductVersion rangeFixed in
wagocompact_controller_100<= FW25
wagocompact_controller_100_firmware<= 25
wagoedge_controller<= FW25
wagoedge_controller_firmware<= 25
wagopfc100<= FW22 Patch 1
wagopfc100_firmware< 2222
wagopfc100_firmware
wagopfc200<= FW25
wagopfc200_firmware< 2222
wagopfc200_firmware
wagopfc200_firmware
wagopfc200_firmware
wagotouch_panel_600_advanced_firmware<= 25
wagotouch_panel_600_advanced_line<= FW25
wagotouch_panel_600_marine_firmware<= 25
wagotouch_panel_600_marine_line<= FW25
wagotouch_panel_600_standard_firmware<= 25
wagotouch_panel_600_standard_line<= FW25