Description
In Wago Smart Designer versions up to 2.33.1, a low-privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
Published: 2026-04-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

The vulnerability allows a low-privileged remote attacker to enumerate projects and usernames by sending iterative requests to a specific endpoint within the Wago Smart Designer web application. The weakness is an information disclosure: the endpoint reveals potentially sensitive information about projects and user accounts without adequate authorization controls. The impact is a loss of confidentiality, as attackers can gain insight into the structure and users of the system.

Affected Systems

The weakness affects Wago Smart Designer version 2.33.1 and earlier. Later versions are not listed as affected.

Risk and Exploitability

The CVSS score of 4.3 is rated Medium, and the EPSS score is below 1% (Very Low), suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote access to the Smart Designer web interface with a low-privileged account (CVSS vector PR:L); elevated privileges are not needed. The impact is limited to information disclosure, with no integrity or availability effects, which keeps the overall risk moderate.

Generated by OpenCVE AI on April 16, 2026 at 08:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether your Smart Designer installation is version 2.33.1 or earlier and document the exact version.
  • Restrict external access to the Smart Designer web interface by implementing firewall or VPN rules so that only trusted users can reach the vulnerable endpoint.
  • Apply a vendor‑supplied update or upgrade to a version newer than 2.33.1 once it becomes available; if no update is released, consider disabling the vulnerable enumeration endpoint or restricting its use to authorized personnel only.

Generated by OpenCVE AI on April 16, 2026 at 08:57 UTC.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none listed)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 05:00:00 +0000

Values Removed: (none listed)
Values Added:
  Description: In Wago Smart Designer versions up to 2.33.1, a low-privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
  Title: Wago: Vulnerability in Smart Designer Web-Application
  First Time appeared: Wago; Wago smart Designer
  Weaknesses: CWE-203
  CPEs: cpe:2.3:a:wago:smart_designer:*:*:*:*:*:*:*:*
  Vendors & Products: Wago; Wago smart Designer
  References:
  Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-04-16T12:59:27.608Z

Reserved: 2023-10-31T07:22:47.201Z

Link: CVE-2023-5872

Vulnrichment

Updated: 2026-04-16T12:59:24.306Z

NVD

Status: Received

Published: 2026-04-16T05:16:12.373

Modified: 2026-04-16T05:16:12.373

Link: CVE-2023-5872

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:11:52Z

Weaknesses