CNNVD-202509-3886 Information
CNNVD ID
CNNVD-202509-3886
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
WAGO Device Sphere和WAGO Solution Builder都是德国万可(WAGO)公司的产品。WAGO Device Sphere是一个设备管理系统。WAGO Solution Builder是一款项目配置与工程设计平台。 WAGO Device Sphere和WAGO Solution Builder存在访问控制错误漏洞,该漏洞源于关键功能缺少身份验证,可能导致未经验证的远程攻击者获取用户账户及其对应角色信息。
Description (English)
WAGO Device Sphere and WAGO Solutions Builder are products of the German company WAGO. WAGO Device Sphere is an equipment management system. WAGO Solutions Builder is a project configuration and engineering design platform. There is an access control error gap between WAGO Device Sphere and WAGO Solutions Builder, which stems from the lack of authentication of key functions, which may lead uncertified remote assailants to access user accounts and their corresponding role information.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
万可
Published
2025-09-24
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-087 https://access.redhat.com/security/cve/cve-2025-41716
Patch
https://downloadcenter.wago.com/wago/software
Share on: