Vulnerabilites related to WAGO - Solution Builder
CVE-2025-41716 (GCVE-0-2025-41716)
Vulnerability from cvelistv5
Published
2025-09-24 09:04
Modified
2025-09-24 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WAGO | Solution Builder |
Version: 0.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:03:29.670633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:03:53.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.\u003cbr\u003e"
}
],
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:33.971Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated User Enumeration via Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41716",
"datePublished": "2025-09-24T09:04:33.971Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-09-24T13:03:53.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41715 (GCVE-0-2025-41715)
Vulnerability from cvelistv5
Published
2025-09-24 09:04
Modified
2025-09-24 13:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | WAGO | Device Sphere |
Version: 0.0.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:07:23.769369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:07:30.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.\u003c/p\u003e"
}
],
"value": "The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:22.835Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Database Access in Web Application",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41715",
"datePublished": "2025-09-24T09:04:22.835Z",
"dateReserved": "2025-04-16T11:17:48.312Z",
"dateUpdated": "2025-09-24T13:07:30.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}