Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4149

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

Published

2023-11-21T07:15:10.093

Last Modified

2024-11-21T08:34:29.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wago	0852-0602_firmware	< 1.0.6.s0	Yes
Hardware	wago	0852-0602	-	No
Operating System	wago	0852-0603_firmware	< 1.0.6.s0	Yes
Hardware	wago	0852-0603	-	No
Operating System	wago	0852-1605_firmware	< 1.2.5.s0	Yes
Hardware	wago	0852-1605	-	No

References

https://cert.vde.com/en/advisories/VDE-2023-037 Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2023-037 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)