CVE-2023-5872

Description

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.

References

• https://certvde.com/de/advisories/VDE-2023-045
• https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json