CVE-2023-4089 LOW

CVE-2023-4089: WAGO: Multiple products vulnerable to local file inclusion

Vendor Wago
Product Compact Controller CC100
Weakness CWE-610
Published October 17, 2023
Last update February 27, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Key dates

02Disclosure timeline

October 17, 2023 CVE published
February 27, 2025 Record updated