VDE-2026-010

Vulnerability from csaf_wagogmbhcokg - Published: 2026-03-30 07:00 - Updated: 2026-03-30 07:00
Summary
WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere
Severity
Critical
Notes
Summary: Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
Impact: The identified vulnerabilities could enable unauthorized parties to gain access to protected system areas or bypass intended security controls. This may expose sensitive data and reduce overall system trustworthiness if not promptly addressed.
Remediation: Update to WAGO Device Sphere version 1.2.2 and WAGO Solution Builder version 2.4.2.

CVE-2026-2328: An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

CWE-790 - Improper Filtering of Special Elements
Vendor Fix: Update to WAGO Device Sphere version 1.2.2 and WAGO Solution Builder version 2.4.2.

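CVE-2025-55315: Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. In the product status below, only WAGO Solution Builder is listed for this CVE; WAGO Device Sphere is not listed.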

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Vendor Fix: Update to version 2.4.2 of the WAGO Solution Builder. https://downloadcenter.wago.com/wago/software/details/ml0xpukz3zpftjwo9mx
Acknowledgments
SySS GmbH Marvin Ramsperger

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Marvin Ramsperger"
        ],
        "organization": "SySS GmbH",
        "summary": "reporting"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The identified vulnerabilities could enable unauthorized parties to gain access to protected system areas or bypass intended security controls. This may expose sensitive data and reduce overall system trustworthiness if not promptly addressed.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to WAGO Device Sphere version 1.2.2. and WAGO Solution Builder version 2.4.2",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/de-en/automation-technology/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-010: WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-010"
      },
      {
        "category": "self",
        "summary": "VDE-2026-010: WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-010.json"
      }
    ],
    "title": "WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere",
    "tracking": {
      "aliases": [
        "VDE-2026-010"
      ],
      "current_release_date": "2026-03-30T07:00:00.000Z",
      "generator": {
        "date": "2026-03-26T10:18:28.328Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2026-010",
      "initial_release_date": "2026-03-30T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-30T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:generic/\u003c1.2.2",
                    "product": {
                      "name": "WAGO Device Sphere \u003c 1.2.2",
                      "product_id": "CSAFPID-21001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.2.2",
                    "product": {
                      "name": "WAGO Device Sphere 1.2.2",
                      "product_id": "CSAFPID-22001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:o:wago:device_sphere:1.2.2:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "1.2.1",
                    "product": {
                      "name": "WAGO Device Sphere 1.2.1",
                      "product_id": "CSAFPID-21003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:o:wago:device_sphere:1.2.1:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Device Sphere"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:generic/\u003c2.4.2",
                    "product": {
                      "name": "WAGO Solution Builder \u003c 2.4.2",
                      "product_id": "CSAFPID-21002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.4.2",
                    "product": {
                      "name": "WAGO Solution Builder 2.4.2",
                      "product_id": "CSAFPID-22002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:o:wago:solution_builder:2.4.2:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.4.1",
                    "product": {
                      "name": "WAGO Solution Builder 2.4.1",
                      "product_id": "CSAFPID-21004",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:o:wago:solution_builder:2.4.1:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Solution Builder"
              }
            ],
            "category": "product_name",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-21001",
          "CSAFPID-21002",
          "CSAFPID-21003",
          "CSAFPID-21004"
        ],
        "summary": "Affected products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-22001",
          "CSAFPID-22002"
        ],
        "summary": "Fixed products"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-2328",
      "cwe": {
        "id": "CWE-790",
        "name": "Improper Filtering of Special Elements"
      },
      "notes": [
        {
          "category": "description",
          "text": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-22001",
          "CSAFPID-22002"
        ],
        "known_affected": [
          "CSAFPID-21001",
          "CSAFPID-21002",
          "CSAFPID-21003",
          "CSAFPID-21004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-05T09:00:00.000Z",
          "details": "Update to WAGO Device Sphere version 1.2.2. and WAGO Solution Builder version 2.4.2",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-21001",
            "CSAFPID-21002",
            "CSAFPID-21003",
            "CSAFPID-21004"
          ]
        }
      ],
      "title": "Backend Access Due to Insufficient Input Validation"
    },
    {
      "cve": "CVE-2025-55315",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-22002"
        ],
        "known_affected": [
          "CSAFPID-21002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T14:00:00.000Z",
          "details": "Update to version 2.4.2 of the WAGO Solution Builder.",
          "product_ids": [
            "CSAFPID-21002",
            "CSAFPID-21004"
          ],
          "url": "https://downloadcenter.wago.com/wago/software/details/ml0xpukz3zpftjwo9mx"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.9,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 9.9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-21002"
          ]
        }
      ],
      "title": "ASP.NET Security Feature Bypass Vulnerability"
    }
  ]
}

