Wago: Vulnerability in Smart Designer Web-Application

VDE-2023-045

Last update

12/05/2023 08:00

Published at

12/05/2023 08:00

Vendor(s)

WAGO GmbH & Co. KG

External ID

VDE-2023-045

CSAF Document

Download

Summary

An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.

Impact

The vulnerability might result in disclosure of sensitive information.

Affected Product(s)

Model no.	Product name	Affected versions
	Smart Designer <=2.33.1	Smart Designer <=2.33.1

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:58

Severity

4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness

Observable Discrepancy (CWE-203)

Summary

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.

References

cve.org | nvd.nist.gov

Remediation

A patch for the WAGO Smart Designer will be available with version 2.34.

Revision History

Version	Date	Summary
1	12/05/2023 08:00	Initial revision.

Wago: Vulnerability in Smart Designer Web-Application

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2023-5872 4.3

Remediation

Revision History