WAGO: Vulnerability in WAGO Device Sphere

Plan PatchCVSS 10VDE-2025-057Jun 23, 2025

WAGO

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

WAGO Device Sphere versions prior to 1.0.1 install identical certificates across all systems during installation. These certificates are used for JWT Token encryption and signing, enabling authentication to the system. Because the certificates are not unique per installation, an attacker can potentially forge authentication tokens and impersonate authorized users or systems. Device Sphere version 1.0 is end-of-support as of 30.06.2025 and must be updated.

What this means

What could happen

An attacker who obtains the shared certificate can forge authentication tokens to impersonate any WAGO Device Sphere system, gaining full administrative access to critical industrial control infrastructure and potentially disrupting connected WAGO devices and processes.

Who's at risk

Organizations operating WAGO Device Sphere deployments, particularly in manufacturing, water/wastewater treatment, electric utilities, and building automation. Anyone managing WAGO PLCs, I/O modules, or networked industrial devices through Device Sphere is affected.

How it could be exploited

An attacker obtains the identical certificate installed across all Device Sphere systems (either from a single system or public sources). Using this certificate, they forge valid JWT tokens with administrative privileges. They then use the forged token to authenticate to any Device Sphere instance on the network and execute administrative commands, such as modifying device configurations or accessing sensitive data.

Prerequisites

Network access to WAGO Device Sphere API or web interface
Knowledge of the shared certificate (attainable from any Device Sphere v1.0 installation, firmware dumps, or public disclosures)

Remotely exploitableNo authentication required with shared certificateLow complexityAffects all Device Sphere v1.0 instances identicallyDefault configuration vulnerabilityEnd-of-support deadline (30.06.2025)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

Software Device Sphere <1.0.1<1.0.11.0.1

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to WAGO Device Sphere API and web interface to only authorized engineering workstations and management systems using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WAGO Device Sphere to version 1.0.1 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate Device Sphere management traffic from untrusted networks

CVEs (1)

CVE-2025-41672

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/905829a7-ad1c-4fc4-a564-b20386ada9f3

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.