WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere

Act Now | 9.9 | VDE-2026-010 | Mar 30, 2026
WAGO
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in WAGO Solution Builder and Device Sphere allow attackers with engineering credentials to bypass authentication controls and exploit improper system communication handling. These flaws could allow unauthorized modification of device configurations and process parameters. Solution Builder has been patched in version 2.4.2. Device Sphere version 1.2.2 addresses the issues, but earlier versions have no fix available from the vendor. The vulnerabilities (CWE-790: improper input validation, CWE-444: inconsistent interpretation of HTTP requests) affect the authentication and communication components of both products.

What this means
What could happen
An attacker with engineering workstation credentials could exploit authentication flaws in Device Sphere or Solution Builder to bypass access controls and modify device configurations, potentially disrupting control system operations. The vulnerability affects system communication, allowing unauthorized configuration changes across connected WAGO devices.
Who's at risk
Organizations running water treatment plants, electrical substations, or other critical infrastructure that rely on WAGO programmable logic controllers (PLCs) and automated control systems are affected. This includes teams using WAGO Solution Builder for control system programming and Device Sphere for device management and configuration. Engineering and OT operations staff who use these tools to maintain automation systems should prioritize remediation.
How it could be exploited
An attacker with valid engineering workstation credentials logs into Device Sphere or Solution Builder, then exploits authentication bypass or improper system communication handling (CWE-790, CWE-444) to perform unauthorized actions such as modifying device settings, deploying malicious configurations, or disrupting communication between devices on the network.
Prerequisites
  • Valid engineering workstation credentials (username and password)
  • Network access to Device Sphere or Solution Builder management interface
  • WAGO Device Sphere version below 1.2.2 or Solution Builder version below 2.4.2 deployed in the environment
  • remotely exploitable
  • requires valid credentials
  • low complexity
  • affects system authentication and communication
  • partial fix availability (Solution Builder patched, Device Sphere unpatched for some versions)
Affected products (4)
2 with fix, 2 pending

Product          | Affected Versions | Fix Status
Device Sphere    | < 1.2.2           | No fix yet
Solution Builder | < 2.4.2           | 2.4.2 of the WAGO Solution Builder
Device Sphere    | 1.2.1             | No fix yet
Solution Builder | 2.4.1             | 2.4.2 of the WAGO Solution Builder
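As an added example (not WAGO's tooling and not part of the advisory), the following Python script checks an installed-software inventory against the affected ranges in the table above and tells the operator which remediation row applies. The version thresholds come from the table; the hostnames and inventory rows are constructed sample data. It compares versions numerically so that, for instance, a hypothetical 2.4.10 build is correctly ranked above 2.4.2.

```python
"""Flag WAGO Solution Builder / Device Sphere installs that fall inside the
affected ranges listed for VDE-2026-010.  Added example, not vendor code."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Thresholds from the advisory's affected-products table.
# Second element is the fix version, or None where the advisory lists none.
FIXED_IN = {
    "Device Sphere": ("1.2.2", None),
    "Solution Builder": ("2.4.2", "2.4.2"),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    A plain string compare would wrongly rank '2.4.10' below '2.4.2'."""
    v = v.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unrecognised version string: {v!r}")
    parts = tuple(int(p) for p in v.split("."))
    # Pad short versions so (1, 2) compares equal to (1, 2, 0).
    return parts + (0,) * (3 - len(parts)) if len(parts) < 3 else parts


class Finding(NamedTuple):
    host: str
    product: str
    version: str
    affected: bool
    action: str


def is_affected(product: str, version: str) -> bool:
    """True when the installed version is below the advisory's fixed version."""
    threshold, _ = FIXED_IN[product]
    return parse_version(version) < parse_version(threshold)


def assess(host: str, product: str, version: str) -> Finding:
    """Map one inventory row onto the advisory's remediation guidance."""
    _, fix = FIXED_IN[product]
    if not is_affected(product, version):
        return Finding(host, product, version, False, "no action")
    if fix:
        action = f"update to {fix} or later (maintenance window: reboot possible)"
    else:
        action = "no vendor fix listed; restrict network access, contact WAGO support"
    return Finding(host, product, version, True, action)


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "Solution Builder", "2.4.1"),
    ("eng-ws-02", "Solution Builder", "2.4.10"),
    ("ds-srv-01", "Device Sphere", "1.2.1"),
    ("ds-srv-02", "Device Sphere", "1.2.2"),
]


def assess_inventory(inventory=SAMPLE_INVENTORY) -> List[Finding]:
    return [assess(*row) for row in inventory]


if __name__ == "__main__":
    for f in assess_inventory():
        flag = "AFFECTED" if f.affected else "ok"
        print(f"{f.host:10} {f.product:17} {f.version:7} {flag:9} {f.action}")
```

Feed it the real inventory export and the rows marked AFFECTED map directly onto the "Do now" and "Schedule" items below: Solution Builder rows get the 2.4.2 update, Device Sphere rows fall back to network restriction until a vendor fix exists.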
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Device Sphere and Solution Builder management interfaces to authorized engineering workstations only, using firewall rules
HARDENING: Enforce strong password policies for all engineering workstation accounts with access to WAGO management tools
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WAGO Solution Builder to version 2.4.2 or later
HOTFIX: Update WAGO Device Sphere to version 1.2.2 or later if available; contact WAGO support for Device Sphere patches, as fixes are not currently available for some versions
Long-term hardening
HARDENING: Monitor and audit administrative actions in Device Sphere and Solution Builder logs for unauthorized configuration changes