CVE-2023-4149
CRITICAL
WAGO 0852-0602/0852-0603/0852-1605 Firmware - Unauthenticated OS Command Injection via Web Management Request Handling
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.
References (1)
Core References
Third Party Advisory: https://cert.vde.com/en/advisories/VDE-2023-037
Scores
CVSS v3: 9.8
EPSS: 0.0112
EPSS Percentile: 61.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (3)
wago/0852-0602_firmware < 1.0.6.s0
wago/0852-0603_firmware < 1.0.6.s0
wago/0852-1605_firmware < 1.2.5.s0
Published: Nov 21, 2023
Tracked Since: Feb 18, 2026