Primary

Context

WAGO Solution Builder and WAGO Device Sphere Path Traversal Vulnerability Allowing Sensitive Information Exposure

Vulnerability

Patched

A path traversal vulnerability has been identified in WAGO Solution Builder versions prior to 2.4.2 and 2.4.1, as well as WAGO Device Sphere version 1.2.1 and versions prior to 1.2.2. This vulnerability allows unauthenticated remote attackers to exploit insufficient input validation, gaining access to backend components beyond their intended scope and resulting in the exposure of sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to protected system areas, bypassing security controls and exposing sensitive data, thereby reducing overall system trustworthiness.

Remediation

Users are advised to update to WAGO Device Sphere version 1.2.2 and WAGO Solution Builder version 2.4.2.

Added: Mar 30, 2026, 8:20 AM

Updated: Mar 30, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WAGO Solution Builder and WAGO Device Sphere Path Traversal Vulnerability Allowing Sensitive Information Exposure

Vulnerability

Impact

Remediation

Affected Products

WAGO Device Sphere

WAGO Solution Builder

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating