{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-5872", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-10-31T07:22:47.201Z", "datePublished": "2026-04-16T04:55:36.146Z", "dateUpdated": "2026-04-16T12:59:27.608Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Smart Designer", "vendor": "Wago", "versions": [{"lessThanOrEqual": "2.33.1", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wago:smart_designer:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.33.1", "versionStartIncluding": "0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "reporter", "value": "Brett Dewall from White Oak Security"}], "datePublic": "2023-12-05T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.</span><br>"}], "value": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-16T04:55:36.146Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2023-045"}, {"tags": ["vendor-advisory"], "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json"}], "source": {"advisory": "VDE-2023-045", "discovery": "UNKNOWN"}, "title": "Wago: Vulnerability in Smart Designer Web-Application", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T12:59:20.406412Z", "id": "CVE-2023-5872", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:59:27.608Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5872", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T12:59:20.406412Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:59:24.306Z"}}], "cna": {"title": "Wago: Vulnerability in Smart Designer Web-Application", "source": {"advisory": "VDE-2023-045", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Brett Dewall from White Oak Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wago", "product": "Smart Designer", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.33.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-12-05T07:00:00.000Z", "references": [{"url": "https://certvde.com/de/advisories/VDE-2023-045"}, {"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wago:smart_designer:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "2.33.1", "versionStartIncluding": "0.0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-16T04:55:36.146Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5872", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:59:27.608Z", "dateReserved": "2023-10-31T07:22:47.201Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-04-16T04:55:36.146Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint."}], "id": "CVE-2023-5872", "lastModified": "2026-04-16T05:16:12.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2026-04-16T05:16:12.373", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2023-045"}, {"source": "info@cert.vde.com", "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.33.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Smart Designer", "source": "cna", "vendor": "Wago"}, "product": "smart_designer", "vendor": "wago"}], "analysis": {"en": {"generated_at": "2026-04-16T08:57:47.613921+00:00", "value": {"mitigation_remediation": ["Verify whether your Smart Designer installation is version 2.33.1 or earlier and document the exact version.", "Restrict external access to the Smart Designer web interface by implementing firewall or VPN rules so that only trusted users can reach the vulnerable endpoint.", "Apply a vendor\u2011supplied update or upgrade to a version newer than 2.33.1 once it becomes available; if no update is released, consider disabling the vulnerable enumeration endpoint or restricting its use to authorized personnel only."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The weakness appears in Wago Smart Designer version 2.33.1 and earlier. Systems running these or older versions are potentially affected. Higher versions are not listed as affected.", "description_and_impact": "The vulnerability allows a low\u2011privileged remote attacker to enumerate projects and usernames by sending iterative requests to a specific endpoint within the Wago Smart Designer web application. This weakness can be classified as an unauthorized disclosure of data, as it reveals potentially sensitive information about projects and user accounts without proper authentication or authorization controls. The impact is a compromise of confidentiality, as attackers can gain insight into the structure and users of the system.", "risk_and_exploitability": "The CVSS score of 4.3 indicates low severity, and the EPSS score is unavailable, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation is likely to require remote access to the Smart Designer web interface, and the attacker does not need privileged credentials. While the impact is limited to information disclosure, the lack of availability or denial\u2011of\u2011service effects keeps the overall risk moderate."}}}}, "created": "2026-04-16T09:00:05.294484+00:00", "updated": "2026-04-16T09:11:52.703995+00:00", "vendors": ["wago", "wago$PRODUCT$smart_designer"]}