Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
Warning: Critical Missing Authentication for WAGO Device Sphere and Solution Builder, Patch Immediately!
Image
Veröffentlicht : 25/09/2025
* Last update: 25/09/2025
* Affected products:
→ WAGO: Device Sphere & Solution Builder* Type: CWE-306 Missing Authentication for Critical Function
* CVE/CVSS:
- CVE-2025-41715: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2025-41716: CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Sources
VDE CERT - https://certvde.com/de/advisories/VDE-2025-087
Risks
WAGO’s Device Sphere and Solution Builder are software platforms widely used for industrial automation and device management. A recently disclosed critical vulnerability exposes these products to unauthenticated remote database access due to missing authentication checks.
This flaw enables attackers to exfiltrate sensitive data (credentials, user roles) and potentially compromise the application, which has a high impact on confidentiality, integrity, and availability.
Description
CVE-2025-41715, CVSS 9.8
CWE-306 Missing Authentication for Critical Function
A remote attacker can exploit CVE-2025-41715 by sending unauthenticated requests to the web application’s database. This is exposed without authentication checks, so the attacker can read, modify, or delete data. This allows control over configurations and user accounts, including their credentials, which can potentially lead to a full compromise of the system.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. These vulnerabilities should be fixed in versions WAGO Software Device Sphere 1.1.0 and WAGO Software Solution Builder 2.3.3.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-41715
NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-41716