#VU83406 Externally Controlled Reference to a Resource in Another Sphere in WAGO products - CVE-2023-4089
Published: November 22, 2023
Vulnerability identifier: #VU83406
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-4089
CWE-ID: CWE-610
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Compact Controller CC100
Edge Controller
PFC100
PFC200
Touch Panel 600 Advanced Line
Touch Panel 600 Marine Line
Touch Panel 600 Standard Line
Compact Controller CC100
Edge Controller
PFC100
PFC200
Touch Panel 600 Advanced Line
Touch Panel 600 Marine Line
Touch Panel 600 Standard Line
Software vendor:
WAGO
WAGO
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to the affected software uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. A remote administrator can access files which they already have access to through an undocumented local file inclusion.
Remediation
Install updates from vendor's website.