WAGO: Multiple products vulnerable to local file inclusion
Description
On affected Wago products, a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An undocumented local file inclusion in Wago products allows a remote admin to access files via an alternate path, with the access logged separately.
Vulnerability
An undocumented local file inclusion vulnerability exists in multiple Wago products. An attacker with administrative privileges can access files they already have access to through an unintended path. The access is logged in a different log file, potentially masking the activity. Affected versions are not explicitly listed but include various Wago controllers and devices. [1]
Exploitation
The attacker must have administrative privileges on the target Wago device. No user interaction is required. The attacker uses an undocumented file inclusion mechanism to access files, resulting in log entries written to a different log file than expected, making detection harder. [1]
Impact
The attacker can read sensitive files they already have access to, but the stealthier logging hides the access. The impact is primarily information disclosure, with reduced auditability. [1]
Mitigation
As of the publication date, no patch is mentioned. Wago may release firmware updates. Mitigation details are not yet disclosed in the available references. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 7
- WAGO/Compact Controller CC100 v5 Range: FW19
- WAGO/Edge Controller v5 Range: FW18
- WAGO/PFC100 v5 Range: FW16
- WAGO/Touch Panel 600 Advanced Line v5 Range: FW16
- WAGO/Touch Panel 600 Marine Line v5 Range: FW16
- WAGO/Touch Panel 600 Standard Line v5 Range: FW16
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.