CVE-2023-4089 — Externally Controlled Reference to a Resource in Another Sphere in Compact Controller Cc100

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 75.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wago Compact Controller Cc100 Wago Edge Controller Wago Pfc100 +11 more

Timeline

PublishedOct 17

Description

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages14 packages

▶CVEListV5wago/pfc100FW16 — FW26

▶CVEListV5wago/pfc200FW16 — FW26

▶CVEListV5wago/edge_controllerFW18 — FW26

▶NVDwago/pfc100_firmware16 — 26

▶NVDwago/pfc200_firmware16 — 26

🔴Vulnerability Details

CVEList

WAGO: Multiple products vulnerable to local file inclusion↗2023-10-17

▶

GHSA

GHSA-pxfv-24mx-mrvc: On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented↗2023-10-17

▶

📋Vendor Advisories

Juniper

CVE-2023-22396: An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated↗2023-01-13

▶