Threat Advisory

WAGO Device Sphere and Solution Builder Vulnerability Expose Database and User Credentials

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
[subscribe_to_unlock_form]


EXECUTIVE SUMMARY:

Two vulnerabilities have been discovered in WAGO Device Sphere and WAGO Solution Builder, widely used software for industrial automation and device management, which could expose sensitive data and enable targeted attacks. The most severe issue arises from a missing authentication check, allowing unauthenticated remote attackers to access the web application database, potentially leading to data loss, theft, or full application compromise. A second vulnerability permits attackers to enumerate user accounts and their roles, increasing the risk of brute-force attacks, credential stuffing, or social engineering campaigns targeting privileged users. Together, these flaws create a pathway for initial compromise and privilege escalation, highlighting the urgent need for organizations to upgrade to the latest secure software versions to mitigate potential threats.[/subscribe_to_unlock_form]


EXECUTIVE SUMMARY:

Two vulnerabilities have been discovered in WAGO Device Sphere and WAGO Solution Builder, widely used software for industrial automation and device management, which could expose sensitive data and enable targeted attacks. The most severe issue arises from a missing authentication check, allowing unauthenticated remote attackers to access the web application database, potentially leading to data loss, theft, or full application compromise. A second vulnerability permits attackers to enumerate user accounts and their roles, increasing the risk of brute-force attacks, credential stuffing, or social engineering campaigns targeting privileged users. Together, these flaws create a pathway for initial compromise and privilege escalation, highlighting the urgent need for organizations to upgrade to the latest secure software versions to mitigate potential threats.[emaillocker id="1283"]

  • CVE-2025-41715: It is a vulnerability in WAGO Device Sphere and WAGO Solution Builder caused by a missing authentication check. It allows unauthenticated remote attackers to access the web application database. Attackers can read, modify, or delete records, potentially leading to data loss, theft, or full application compromise. Exploiting this flaw could enable privilege escalation and targeted attacks on the affected environment. The vulnerability has a CVSS score of 9.8.
  • CVE-2025-41716:  It is a vulnerability in WAGO Device Sphere and WAGO Solution Builder that allows unauthenticated attackers to enumerate user accounts and their roles. This flaw occurs due to missing authentication for functions in the web application. Exploitation can facilitate brute-force attacks, credential stuffing, or targeted social engineering campaigns. Attackers could gain insights into privileged accounts, increasing the risk of compromise. The vulnerability has a CVSS score of 5.3.

 

RECOMMENDATION:

We strongly recommend you update WAGO Device Sphere and Solution Builder Products to below version:

  • For WAGO Device Sphere to version 1.1.0 or later.
  • For WAGO Solution Builder to version 2.3.3 or later.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu