Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

Project Subscriptions

Vendors Products
0765-110x/0100-0000 Subscribe
0765-120x/0100-0000 Subscribe
0765-150x/0100-0000 Subscribe
0765-2101/0100-0000 Subscribe
0765-2102/0100-0000 Subscribe
0765-410x/0100-0000 Subscribe
0765-420x/0100-0000 Subscribe
0765-450x/0100-0000 Subscribe
Field Profinet Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 13 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Wago 0765-110x/0100-0000
Wago 0765-120x/0100-0000
Wago 0765-150x/0100-0000
Wago 0765-2101/0100-0000
Wago 0765-2102/0100-0000
Wago 0765-410x/0100-0000
Wago 0765-420x/0100-0000
Wago 0765-450x/0100-0000
Vendors & Products Wago 0765-110x/0100-0000
Wago 0765-120x/0100-0000
Wago 0765-150x/0100-0000
Wago 0765-2101/0100-0000
Wago 0765-2102/0100-0000
Wago 0765-410x/0100-0000
Wago 0765-420x/0100-0000
Wago 0765-450x/0100-0000

Mon, 13 Jul 2026 07:45:00 +0000

Type Values Removed Values Added
Description Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Title Unauthenticated Access to Internal Diagnostic Interface
First Time appeared Wago
Wago field Profinet
Weaknesses CWE-912
CPEs cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*
Vendors & Products Wago
Wago field Profinet
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-07-13T14:44:48.962Z

Reserved: 2026-03-24T13:19:36.714Z

Link: CVE-2026-4769

cve-icon Vulnrichment

Updated: 2026-07-13T14:44:44.417Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T14:39:12Z

Weaknesses