What is CVE-2023-4089?

CVE-2023-4089 is a low-severity vulnerability in Wago Compact Controller Cc100, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 2.7/10. Published 2023-10-17.

How severe is CVE-2023-4089?

Low severity. CVSS v3 base score is 2.7 out of 10.

Is CVE-2023-4089 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wago Compact Controller Cc100

CVE-2023-4089

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

EPSS: 0.001 (26.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Wago Compact Controller Cc100 — versions FW19
Wago Edge Controller — versions FW18
Wago Pfc100 — versions FW16
Wago Pfc200 — versions FW16
Wago Touch Panel 600 Advanced Line — versions FW16
Wago Touch Panel 600 Marine Line — versions FW16
Wago Touch Panel 600 Standard Line — versions FW16

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

Public proof-of-concept exploits

References

cert.vde.com/en/advisories/VDE-2023-046/

Frequently asked questions

What is CVE-2023-4089?: CVE-2023-4089 is a low-severity vulnerability in Wago Compact Controller Cc100, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 2.7/10. Published 2023-10-17.
How severe is CVE-2023-4089?: Low severity. CVSS v3 base score is 2.7 out of 10.
Is CVE-2023-4089 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.