CVE-2023-4089— WAGO: Multiple products vulnerable to local file inclusion

CVSS 2.7 · Low EPSS 0.10% · P26 Updated Feb 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4089

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WAGO: Multiple products vulnerable to local file inclusion

Source: NVD (National Vulnerability Database)

Vulnerability Description

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

资源在另一范围的外部可控制索引

Source: NVD (National Vulnerability Database)

Vulnerability Title

WAGO 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WAGO是德国万可（WAGO）公司的一款750-88x系列可编程逻辑控制器。该设备专门为在工业环境下应用而设计的数字运算操作电子系统。 WAGO 存在安全漏洞。攻击者利用该漏洞可以通过未记录的本地文件包含来访问已经访问过的文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
WAGO	Compact Controller CC100	FW19 ~ FW26	-
WAGO	Edge Controller	FW18 ~ FW26	-
WAGO	PFC100	FW16 ~ FW26	-
WAGO	PFC200	FW16 ~ FW26	-
WAGO	Touch Panel 600 Advanced Line	FW16 ~ FW26	-
WAGO	Touch Panel 600 Marine Line	FW16 ~ FW26	-
WAGO	Touch Panel 600 Standard Line	FW16 ~ FW26	-

II. Public POCs for CVE-2023-4089

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-4089

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Compact Controller CC100

CVE-2023-1698
WAGO: WBM Command Injection in multiple products

Same vendor: WAGO

Same weakness: CWE-610

V. Comments for CVE-2023-4089

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-4089— WAGO: Multiple products vulnerable to local file inclusion

I. Basic Information for CVE-2023-4089

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-4089

III. Intelligence Information for CVE-2023-4089

IV. Related Vulnerabilities

V. Comments for CVE-2023-4089

Leave a comment