VDE-2023-015

Vulnerability from csaf_wagogmbhcokg - Published: 2023-11-20 07:00 - Updated: 2023-11-20 07:00
Summary
WAGO: Improper privilege management in web-based management
Notes
Summary: A misconfiguration of access rights to a configuration tool of the web-based management for a specific user allows that user to reset the passwords of other users (except root). This allows an authenticated attacker to elevate their privileges.
Impact: An authenticated attacker can get further privileges allowing the attacker to change configuration and perform actions beyond the original user scope.
Mitigation: Restrict network access to the device. Do not directly connect the device to the internet.
Remediation: Wago recommends all affected users to update to the firmware version listed below:

### Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

| Article Number | Fixed in Firmware Version |
|---|---|
| 750-811x/xxx-xxx | FW22 Patch 2 |
| 750-821x/xxx-xxx | FW26 |
| 750-820x/xxx-xxx | FW22 Patch 2 |
| 751-9301 | FW26 |

### Series WAGO Touch Panel 600 and WAGO Edge Controller

| Article Number | Fixed in Firmware Version |
|---|---|
| 762-4xxx | FW26 |
| 762-5xxx | FW26 |
| 762-6xxx | FW26 |
| 752-8303/8000-002 | FW26 |

FW22 Patch 2 will be available in Q1 2024.

The Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate privileges (not to root).

CWE-863 - Incorrect Authorization
Mitigation: Restrict network access to the device. Do not directly connect the device to the internet.

Vendor Fix: Wago recommends all affected users to update to the firmware version listed below:

### Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100

| Article Number | Fixed in Firmware Version |
|---|---|
| 750-811x/xxx-xxx | FW22 Patch 2 |
| 750-821x/xxx-xxx | FW26 |
| 750-820x/xxx-xxx | FW22 Patch 2 |
| 751-9301 | FW26 |

### Series WAGO Touch Panel 600 and WAGO Edge Controller

| Article Number | Fixed in Firmware Version |
|---|---|
| 762-4xxx | FW26 |
| 762-5xxx | FW26 |
| 762-6xxx | FW26 |
| 752-8303/8000-002 | FW26 |

FW22 Patch 2 will be available in Q1 2024.
Acknowledgments
CERT@VDE (coordination), https://certvde.com
Panagiotis Bellonias, Secura (reporting)

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Panagiotis Bellonias"
        ],
        "organization": "Secura",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows to reset passwords of other users (except root). This allows an authenticated attacker to elevate his privileges.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An authenticated attacker can get further privileges allowing the attacker to change configuration and perform actions beyond the original user scope.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Wago recommends all affected users to update to the firmware version listed below:\n\n### Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100\n\n| Article Number        | Fixed in Firmware Version        |\n|-----------------------|----------------------------------|\n| 750-811x/xxx-xxx      |  FW22 Patch 2                  |\n| 750-821x/xxx-xxx      |  FW26                           |\n| 750-820x/xxx-xxx      |  FW22 Patch 2                  |\n| 751-9301              |  FW26                           |\n\n### Series WAGO Touch Panel 600 and WAGO Edge Controller\n\n| Article Number        | Fixed in Firmware Version        |\n|-----------------------|----------------------------------|\n| 762-4xxx              |  FW26                           |\n| 762-5xxx              |  FW26                           |\n| 762-6xxx              |  FW26                           |\n| 752-8303/8000-002     |  FW26                           |\n\nFW22 Patch 2 will be available in Q1 2024.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-015: WAGO: Improper privilege management in web-based management - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-015/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-015: WAGO: Improper privilege management in web-based management - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-015.json"
      },
      {
        "category": "external",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      }
    ],
    "title": "WAGO: Improper privilege management in web-based management",
    "tracking": {
      "aliases": [
        "VDE-2023-015"
      ],
      "current_release_date": "2023-11-20T07:00:00.000Z",
      "generator": {
        "date": "2025-05-05T11:26:03.403Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-015",
      "initial_release_date": "2023-11-20T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-11-20T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Compact Controller 100",
                "product": {
                  "name": "Compact Controller 100",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "751-9301/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Edge Controller",
                "product": {
                  "name": "Edge Controller",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "752-8303/8000-002"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC100",
                "product": {
                  "name": "PFC100",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-810x/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "PFC200",
                "product": {
                  "name": "PFC200",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "750-820x/xxx-xxx",
                      "750-821x/xxx-xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Advanced Line",
                "product": {
                  "name": "Touch Panel 600 Advanced Line",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-5xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Marine Line",
                "product": {
                  "name": "Touch Panel 600 Marine Line",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-6xxx"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Touch Panel 600 Standard Line",
                "product": {
                  "name": "Touch Panel 600 Standard Line",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "762-4xxx"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW25",
                "product": {
                  "name": "Firmware \u003c= FW25",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW22 Patch1",
                "product": {
                  "name": "Firmware \u003c= FW22 Patch1",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "FW26",
                "product": {
                  "name": "Firmware FW26",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW22 Patch 2",
                "product": {
                  "name": "Firmware FW22 Patch 2",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW25 installed on Compact Controller 100",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW25 installed on Edge Controller",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW22 Patch1 installed on PFC100",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW22 Patch1 installed on PFC200",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW25 installed on PFC200",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW25 installed on Touch Panel 600 Advanced Line",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= FW25 installed on Touch Panel 600 Marine Line",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW26 installed on Compact Controller 100",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW26 installed on Edge Controller",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 Patch 2 installed on PFC100",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW22 Patch 2 installed on PFC200",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW26 installed on PFC200",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW26 installed on Touch Panel 600 Advanced Line",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW26 installed on Touch Panel 600 Marine Line",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3379",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "description",
          "text": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict network access to the device.\nDo not directly connect the device to the internet.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Wago recommends all affected users to update to the firmware version listed below:\n\n### Series WAGO PFC100/PFC200 and WAGO Compact Controller CC100\n\n| Article Number        | Fixed in Firmware Version        |\n|-----------------------|----------------------------------|\n| 750-811x/xxx-xxx      |  FW22 Patch 2                  |\n| 750-821x/xxx-xxx      |  FW26                           |\n| 750-820x/xxx-xxx      |  FW22 Patch 2                  |\n| 751-9301              |  FW26                           |\n\n### Series WAGO Touch Panel 600 and WAGO Edge Controller\n\n| Article Number        | Fixed in Firmware Version        |\n|-----------------------|----------------------------------|\n| 762-4xxx              |  FW26                           |\n| 762-5xxx              |  FW26                           |\n| 762-6xxx              |  FW26                           |\n| 752-8303/8000-002     |  FW26                           |\n\nFW22 Patch 2 will be available in Q1 2024.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2023-3379"
    }
  ]
}
