CVE-2023-5872 PUBLISHED

Wago: Vulnerability in Smart Designer Web-Application

Assigner: CERTVDE
Reserved: 31.10.2023 Published: 16.04.2026 Updated: 16.04.2026

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Wago
Product	Smart Designer
Versions	Default: unaffected affected from 0.0.0 to 2.33.1 (incl.)

Credits

Brett Dewall from White Oak Security reporter

References

https://certvde.com/de/advisories/VDE-2023-045
https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json

Problem Types

CWE-203 Observable Discrepancy CWE