Wago Compact Controller Cc100 vulnerabilities

3 known vulnerabilities affecting wago/compact_controller_cc100.

Total CVEs

3

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH1LOW1

Vulnerabilities

Page 1 of 1

CVE-2023-4089LOWCVSS 2.7≥ FW19, ≤ FW262023-10-17

CVE-2023-4089 [LOW] CWE-610 CVE-2023-4089: On affected Wago products an remote attacker with administrative privileges can access files to whic On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

CVE-2023-1698CRITICALCVSS 9.8PoC≥ FW20, ≤ FW22vFW232023-05-15

CVE-2023-1698 [CRITICAL] CWE-78 CVE-2023-1698: In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create ne In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

CVE-2022-3281HIGHCVSS 7.5≥ 03.07.17(19), ≤ 03.09.08(21)2022-10-17

CVE-2022-3281 [HIGH] CWE-440 CVE-2022-3281: WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in m WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.