WAGO Device Sphere JWT Token Forgery Vulnerability Allowing Unauthorized Access
Vulnerability
A vulnerability exists in WAGO Device Sphere version 1.0.0: every installation ships with the same default certificates instead of certificates unique to that system. Because the key material behind the shared certificate is therefore identical everywhere, a remote unauthenticated attacker can generate JSON Web Tokens (JWT) that every installation accepts as valid for any user, and thereby gain full access to the application and to every device connected to it.
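The following is an added example, not code from WAGO or from Device Sphere, showing why one shared signing key across all installations lets a token minted anywhere be accepted everywhere, and what a per-installation verifier and a detection check for the shared key look like. The constructed `DEFAULT_KEY` stands in for the key material of the shared default certificate, and HS256 (HMAC) stands in for the signature the real product makes with that certificate's private key so that the example runs with only the Python standard library; the cross-installation logic is the same for RS256 or ES256.

```python
"""Added example (not WAGO code): cross-installation JWT forgery from a
shared default key, plus the per-installation check that stops it."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Constructed stand-in for the key material every vulnerable install shares.
DEFAULT_KEY = b"factory-default-key-shipped-with-every-install"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def key_id(key: bytes) -> str:
    """Short fingerprint of a key, carried as the JWT 'kid' header."""
    return hashlib.sha256(key).hexdigest()[:16]


def mint_jwt(key: bytes, claims: dict) -> str:
    """Sign arbitrary claims with `key` (HS256 stands in for the cert key)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": key_id(key)}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def uses_default_key(token: str) -> bool:
    """Detection check: was this token signed with the shared default key?
    Works on the header alone, so it can run before signature verification."""
    try:
        header = json.loads(_b64url_decode(token.split(".")[0]))
    except (ValueError, IndexError):
        return False
    return header.get("kid") == key_id(DEFAULT_KEY)


class Installation:
    """One Device Sphere instance (hypothetical model): holds the key it
    trusts for JWT signatures and verifies tokens against it."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key

    def verify(self, token: str) -> Optional[dict]:
        try:
            h_b64, p_b64, s_b64 = token.split(".")
        except ValueError:
            return None
        header = json.loads(_b64url_decode(h_b64))
        if header.get("alg") != "HS256":  # pin the algorithm, never trust 'alg'
            return None
        expected = hmac.new(self.key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return None
        claims = json.loads(_b64url_decode(p_b64))
        if claims.get("exp", 0) < time.time():
            return None
        return claims


def forged_token_accepted(victim: Installation, attacker_key: bytes) -> bool:
    """An attacker who knows attacker_key (e.g. from any 1.0.0 install) mints
    an admin token for a user they never authenticated as. Does victim accept?"""
    claims = {"sub": "admin", "role": "admin", "exp": int(time.time()) + 600}
    return victim.verify(mint_jwt(attacker_key, claims)) is not None


def demo() -> Dict[str, bool]:
    vulnerable = Installation("site-A, shared default key", DEFAULT_KEY)
    unique = Installation("site-B, key unique to this install", secrets.token_bytes(32))
    return {
        "shared default key": forged_token_accepted(vulnerable, DEFAULT_KEY),
        "unique key": forged_token_accepted(unique, DEFAULT_KEY),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: forged admin token {'ACCEPTED' if accepted else 'rejected'}")
```

The point of `uses_default_key` is that it needs no secret: once the default certificate's fingerprint is known, a proxy or log pipeline can flag every token whose `kid` matches it, which is how you would spot forged sessions on installations that have not yet been updated.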
Impact
Exploitation of this vulnerability allows an attacker to forge JWTs and thereby impersonate any user of the application, gaining unauthorized access to the application and to all connected devices. This amounts to a complete compromise of the system's security.
Remediation
Users are advised to update to WAGO Device Sphere version 1.0.1. Version 1.0.0 cannot be used after June 30, 2025. Since the weakness is the shared key material, confirm after updating that the installation presents a certificate unique to it (for example, by comparing certificate fingerprints between two installations) and treat any tokens issued while the default certificate was in place as untrusted.
