Wago: >> Edge Controller Firmware >> 18 Security Vulnerabilities
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-11-20
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-10-17
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-01-19