VDE-2025-087
Last update
09/24/2025 11:00
Published at
09/24/2025 11:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-087
CSAF Document
Summary
Due to a missing authentication check, the WAGO Solution Builder and the WAGO Device Sphere are vulnerable to a potential information exposure.
Impact
Exposing database credentials gives attackers direct database access, leading to data loss, theft or manipulation. Exposing user accounts and roles facilitates targeted attacks like brute-force or social engineering, increasing the risk of compromising privileged accounts.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| WAGO Software Device Sphere <1.1.0 | WAGO Software Device Sphere <1.1.0 | |
| WAGO Software Solution Builder <2.3.3 | WAGO Software Solution Builder <2.3.3 |
Vulnerabilities
Expand / Collapse all
Published
09/24/2025 12:37
Severity
Weakness
Missing Authentication for Critical Function (CWE-306)
Summary
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
References
Published
09/24/2025 12:37
Severity
Weakness
Missing Authentication for Critical Function (CWE-306)
References
Remediation
Please upgrade to the specified version or a later one of the WAGO Device Sphere or the WAGO Solution Builder.
| Affected Product | Fixed Version |
|---|---|
| WAGO Software Device Sphere | 1.1.0 |
| WAGO Software Solution Builder | 2.3.3 |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 09/24/2025 11:00 | Initial Release. |