CVE-2026-4769

Summary

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

Affected Software

VendorProductVersion RangeStatus
WAGO0765-110x/0100-00001.0.0.0 < 1.2.1.100affected
WAGO0765-120x/0100-00001.0.0.0 < 1.2.7.100affected
WAGO0765-150x/0100-00001.0.0.0 < 1.2.7.103affected
WAGO0765-2101/0100-00001.0.0.0 < 1.2.1.102affected
WAGO0765-2102/0100-00001.0.0.0 < 1.2.5.101affected
WAGO0765-410x/0100-00001.0.0.0 < 1.2.1.100affected
WAGO0765-420x/0100-00001.0.0.0 < 1.2.7.100affected
WAGO0765-450x/0100-00001.0.0.0 < 1.2.7.103affected

Weaknesses

  • CWE-912: CWE-912 Hidden Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References