Related vulnerabilities
GSD-2023-5872
Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"GSD": {
"alias": "CVE-2023-5872",
"id": "GSD-2023-5872"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5872"
],
"id": "GSD-2023-5872",
"modified": "2023-12-13T01:20:50.387355Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-5872",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
VDE-2023-045
Vulnerability from csaf_wagogmbhcokg - Published: 2023-12-05 07:00 - Updated: 2023-12-05 07:00
Summary
Wago: Vulnerability in Smart Designer Web-Application
Notes
Summary: An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.
Impact: The vulnerability might result in disclosure of sensitive information.
Remediation: A patch for the WAGO Smart Designer will be available with version 2.34.
In Wago Smart Designer in versions up to 2.33.1, a low-privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
CVSS v3.1 base score: 4.3 (Medium), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vendor Fix
A patch for the WAGO Smart Designer will be available with version 2.34.
References
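| URL | Category | |
|---|---|---|
| https://certvde.com/en/advisories/VDE-2023-045/ | self | |
| https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json | self | |
| https://www.wago.com/psirt | external | |
| https://certvde.com/en/advisories/vendor/wago/ | external | |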
Acknowledgments
CERT@VDE
certvde.com
White Oak Security
Brett Dewall
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Brett Dewall"
],
"organization": "White Oak Security",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.",
"title": "Summary"
},
{
"category": "description",
"text": "The vulnerability might result in disclosure of sensitive information.",
"title": "Impact"
},
{
"category": "description",
"text": "A patch for the WAGO Smart Designer will be available with version 2.34.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-045: Wago: Vulnerability in Smart Designer Web-Application - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-045/"
},
{
"category": "self",
"summary": "VDE-2023-045: Wago: Vulnerability in Smart Designer Web-Application - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "Wago: Vulnerability in Smart Designer Web-Application",
"tracking": {
"aliases": [
"VDE-2023-045"
],
"current_release_date": "2023-12-05T07:00:00.000Z",
"generator": {
"date": "2025-04-30T14:13:55.503Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2023-045",
"initial_release_date": "2023-12-05T07:00:00.000Z",
"revision_history": [
{
"date": "2023-12-05T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.33.1",
"product": {
"name": "Smart Designer \u003c=2.33.1",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "2.34",
"product": {
"name": "Smart Designer 2.34",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "Smart Designer"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Vendor"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5872",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "description",
"text": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "A patch for the WAGO Smart Designer will be available with version 2.34.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2023-5872"
}
]
}