CVE-2023-4089

LOW

Wago - Info Disclosure

Title source: llm

Description

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

References (1)

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2023-046/

Scores

CVSS v3 2.7

EPSS 0.0010

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-610

Status published

Products (7)

wago/compact_controller_100_firmware 19 - 26

wago/edge_controller_firmware 18 - 26

wago/pfc100_firmware 16 - 26

wago/pfc200_firmware 16 - 26

wago/touch_panel_600_advanced_firmware 16 - 26

wago/touch_panel_600_marine_firmware 16 - 26

wago/touch_panel_600_standard_firmware 16 - 26

Published Oct 17, 2023

Tracked Since Feb 18, 2026