WAGO Device Manager CORS Policy Vulnerability Allowing Unauthorized Data Access
Vulnerability
A vulnerability exists in WAGO Device Manager due to an overly permissive Cross-Origin Resource Sharing (CORS) policy. Because the policy lets a browser release the device's responses to untrusted origins, unauthenticated remote attackers can read server responses, potentially exposing sensitive data or facilitating further attacks. The issue affects multiple WAGO products, including various controllers and touch panels, running firmware versions prior to the fixed releases listed under Remediation.
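The advisory does not say how the WAGO policy is permissive, so the following is an added, generic illustration (not WAGO's code or configuration) of what a defender checks for: an audit function that flags the permissive CORS header patterns that let an untrusted origin read responses, beside a hardened allow-list variant. The origin names and the `TRUSTED_ORIGINS` allow-list are assumptions.

```python
"""Audit CORS response headers for overly permissive policies (constructed example)."""

# Assumed allow-list of origins that legitimately talk to the device's web API.
TRUSTED_ORIGINS = {"https://hmi.example.internal"}


def audit_cors(request_origin: str, response_headers: dict) -> list[str]:
    """Return findings explaining why a cross-origin read of this response is possible."""
    # Header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings: list[str] = []
    if acao is None:
        return findings  # no Allow-Origin header: browsers block the cross-origin read
    if acao == "*":
        findings.append("wildcard origin: any site can read the response")
        if creds:
            findings.append("credentials flag set with wildcard origin (misconfiguration)")
    elif acao == "null":
        findings.append("'null' origin allowed: sandboxed frames can read the response")
    elif acao == request_origin and request_origin not in TRUSTED_ORIGINS:
        findings.append(f"origin reflected without an allow-list: {request_origin}")
        if creds:
            findings.append("credentialed requests from untrusted origins are readable")
    return findings


def hardened_cors_headers(request_origin: str) -> dict:
    """Corrected form: emit CORS headers only for an allow-listed origin."""
    if request_origin not in TRUSTED_ORIGINS:
        return {}  # no CORS headers at all, so the browser withholds the response body
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # stop caches serving one origin's header to another
    }


if __name__ == "__main__":
    # Constructed sample: an untrusted origin sees its own origin reflected back.
    sample = {"Access-Control-Allow-Origin": "https://attacker.example",
              "Access-Control-Allow-Credentials": "true"}
    for finding in audit_cors("https://attacker.example", sample):
        print("finding:", finding)
```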
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive data, unauthorized read access to the file system, and potential remote exploitation of the device.
Remediation
Users are advised to update to WAGO Device Manager firmware version 04.07.01 (FW29) or 03.10.11 (FW22 Patch 2). For the latest custom firmware, please contact WAGO support.
