CVE-2023-5872
Information Disclosure in Wago Smart Designer via Endpoint Enumeration

Publication date: 2026-04-16

Last updated on: 2026-04-16

Assigner: CERT VDE

Description
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
Meta Information
Published: 2026-04-16
Last Modified: 2026-04-16
Generated: 2026-06-16
AI Q&A: 2026-04-16
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wago gmbh_and_co_kg to 2.33.1 (inc)
CWE ID Description
CWE-203 The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Executive Summary

CVE-2023-5872 is a vulnerability in WAGO GmbH & Co. KG's Smart Designer web application, affecting versions up to 2.33.1.

It allows a low-privileged remote attacker to enumerate projects and usernames by making iterative requests to a specific endpoint in the application.

This vulnerability is classified under CWE-203 (Observable Discrepancy) and has a CVSS 3.1 base score of 4.3, indicating medium severity with limited confidentiality impact and no impact on integrity or availability.

Impact Analysis

The primary impact of this vulnerability is the potential disclosure of sensitive information, specifically the enumeration of projects and usernames.

An attacker with low privileges can remotely gather this information without user interaction, which could be used for further targeted attacks or reconnaissance.

However, the vulnerability does not affect data integrity or availability.

Detection Guidance

This vulnerability can be detected by monitoring for iterative requests to a specific endpoint in the WAGO Smart Designer web application that enumerate projects and usernames.

Network detection could involve capturing and analyzing HTTP requests to identify repeated access patterns targeting the vulnerable endpoint.

Specific commands are not provided in the available resources.
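
One way to implement the repeated-access check described above, as an added example that is not part of the advisory or any WAGO tooling. It assumes web access logs in combined log format with the authenticated user in the third field; the endpoint path is a placeholder because the advisory does not name it, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: placeholder path. The advisory does not name the affected endpoint.
ENDPOINT_PREFIX = "/PLACEHOLDER/endpoint/"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3} ')

def find_enumeration(lines, prefix=ENDPOINT_PREFIX, window_s=60, threshold=5):
    """Map (ip, user) -> peak count of distinct identifiers requested under
    `prefix` within any `window_s`-second span, for clients at or above `threshold`."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # client -> (timestamp, identifier), oldest first
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ident = m["path"][len(prefix):].split("?", 1)[0]
        client = (m["ip"], m["user"])
        q = recent[client]
        q.append((ts, ident))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def _line(ip, user, sec, ident, status):
    # Constructed access-log line in combined log format (not real traffic).
    return (f'{ip} - {user} [16/Apr/2026:10:00:{sec:02d} +0000] '
            f'"GET {ENDPOINT_PREFIX}{ident} HTTP/1.1" {status} 512')

SAMPLE_LOG = (
    # one account walking through many identifiers with mixed responses
    [_line("192.0.2.10", "operator1", s, f"name{s}", 200 if s % 3 == 0 else 404)
     for s in range(8)]
    # one account re-reading the same resource: repeated, but not enumeration
    + [_line("192.0.2.20", "engineer2", s * 5, "projectA", 200) for s in range(6)]
    # one account opening a few resources over time
    + [_line("192.0.2.30", "viewer3", s * 10, "p%d" % s, 200) for s in range(3)])

if __name__ == "__main__":
    for (ip, user), n in find_enumeration(SAMPLE_LOG).items():
        print(f"possible enumeration: {user}@{ip} requested {n} distinct identifiers")
```

Counting distinct identifiers per account, not raw request volume, keeps a client that polls one resource from being flagged; the window and threshold need tuning against normal usage of the application.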

Mitigation Strategies

The immediate mitigation step is to upgrade WAGO Smart Designer to version 2.34, which includes a patch addressing this vulnerability.

Compliance Impact

The vulnerability allows a low-privileged remote attacker to enumerate projects and usernames, potentially leading to the disclosure of sensitive information.

Such information disclosure could impact compliance with standards and regulations that require protection of personal or sensitive data, such as GDPR or HIPAA, by exposing user-related data.

However, the vulnerability has a low confidentiality impact and does not affect integrity or availability, which may limit the overall compliance risk.

Remediation by upgrading to Smart Designer version 2.34 is recommended to address this issue and reduce compliance risks.
