Skip to main content

Device Sphere EUVDEUVD-2026-17064

| CVE-2026-2328 HIGH
Improper Filtering of Special Elements (CWE-790)
2026-03-30 CERTVDE
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:11 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.2.2,2.4.2
EUVD ID Assigned
Mar 30, 2026 - 07:30 euvd
EUVD-2026-17064
Analysis Generated
Mar 30, 2026 - 07:30 vuln.today
CVE Published
Mar 30, 2026 - 06:55 nvd
HIGH 7.5

DescriptionCVE.org

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

AnalysisAI

Path traversal in WAGO Device Sphere and Solution Builder allows unauthenticated remote attackers to access backend components and expose sensitive information. The vulnerability stems from insufficient input validation (CWE-790), enabling attackers to bypass intended access boundaries with low complexity over network vectors. CVSS 7.5 (High) reflects significant confidentiality impact. EPSS data unavailable; no public exploit identified at time of analysis, and CISA KEV status not confirmed.

Technical ContextAI

This vulnerability affects WAGO's industrial automation management platforms - Device Sphere and Solution Builder - used for configuring and managing ICS/OT devices. The root cause is CWE-790 (Improper Filtering of Special Elements), a broad category encompassing input validation failures. In this case, attackers exploit path traversal sequences (e.g., '../' or absolute paths) to navigate file systems or API endpoints beyond their authorized scope. The affected CPE strings (cpe:2.3:a:wago:device_sphere and cpe:2.3:a:wago:solution_builder) indicate both products are vulnerable across unspecified version ranges. As web-accessible backend management interfaces for critical infrastructure components, these platforms often contain configuration files, credentials, device inventories, and operational data - making path traversal particularly dangerous in OT environments where network segmentation may be incomplete.

RemediationAI

Consult the official CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2026-010 for vendor-supplied patches or workarounds. Patch availability and specific fix versions are not confirmed in the provided data; organizations should contact WAGO support or monitor the advisory URL for updates. As an immediate compensating control, restrict network access to Device Sphere and Solution Builder management interfaces using firewall rules, VLANs, or VPN enforcement to prevent unauthenticated remote access. Apply the principle of least privilege by limiting which network segments can reach these administration consoles. Implement web application firewall (WAF) rules to detect and block common path traversal patterns (../, absolute paths, URL encoding variations) if patching is delayed. Audit existing deployments for signs of exploitation by reviewing access logs for anomalous file requests or directory traversal attempts. Disable or remove these platforms from internet-facing networks entirely if operationally feasible.

Share

EUVD-2026-17064 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy