CVE-2023-3379

Name of the Vulnerable Software and Affected Versions WAGO PFC100/PFC200 versions (affected versions not specified) WAGO Edge Controller versions (affected versions not specified) WAGO Touch Panel 600 versions (affected versions not specified)

Description The issue is related to errors in privilege management in the web-based management interface of WAGO products. It allows a local authenticated attacker to change the passwords of other non-admin users, thus escalating non-root privileges.

Recommendations For WAGO PFC100/PFC200, consider restricting access to the web-based management interface until a fix is available. For WAGO Edge Controller, avoid using the password change functionality for non-admin users until the issue is resolved. For WAGO Touch Panel 600, as a temporary workaround, consider disabling the web-based management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.