WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere

Priority: Act Now
Severity score: 9.9
Advisory ID: VDE-2026-010
Published: Mar 30, 2026
Vendor: WAGO

Attack path
  • Attack Vector: Network
  • Auth Required: Low
  • Complexity: Low
  • User Interaction: None needed
Summary

Multiple vulnerabilities in WAGO Solution Builder and WAGO Device Sphere affect components responsible for authentication and system communication. Device Sphere versions prior to 1.2.2 and Solution Builder versions prior to 2.4.2 are affected. The vulnerabilities involve CWE-790 (Improper Validation of Unsafe Reflection in an Exception Handler) and CWE-444 (Inconsistent Interpretation of HTTP Requests).

What this means
What could happen
An authenticated attacker could exploit these vulnerabilities to gain elevated privileges across the engineering and runtime environment, potentially allowing modifications to control logic or operational configurations across multiple WAGO devices and projects.
Who's at risk
Engineering teams and automation integrators using WAGO Solution Builder for control logic development and WAGO Device Sphere for device lifecycle management. This affects operators of facilities using WAGO PLCs and smart I/O devices where these tools are used for configuration and maintenance.
How it could be exploited
An attacker with engineering credentials or network access to Solution Builder or Device Sphere could exploit authentication or communication validation flaws to escalate privileges. This would allow them to modify control system configurations, move laterally between projects, or inject malicious control logic affecting connected WAGO PLCs and runtime devices.
Prerequisites
  • Valid engineering workstation credentials or network access to Solution Builder or Device Sphere management interface
  • Network connectivity to the affected application on the engineering network
  • Remotely exploitable
  • Authentication required but escalation possible
  • Affects control system engineering tools
  • Device Sphere versions have no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Public Proof-of-Concept (PoC) on GitHub (3 repositories)
Affected products (4)
2 with fix, 2 pending

Product             Affected Versions   Fix Status
Device Sphere       < 1.2.2             No fix yet
Solution Builder    < 2.4.2             2.4.2 of the WAGO Solution Builder
Device Sphere       1.2.1               No fix yet
Solution Builder    2.4.1               2.4.2 of the WAGO Solution Builder
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Solution Builder and Device Sphere management interfaces to authorized engineering workstations only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WAGO Solution Builder to version 2.4.2 or later
HOTFIX: Update WAGO Device Sphere to version 1.2.2 or later