Back to overview

CVE-2026-4769

CRITICAL
9.8
CVSS 3.1
Description
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

Metadata

CVE ID
CVE-2026-4769
State
PUBLISHED
Assigner
CERTVDE
Reserved
2026-03-24 13:19 UTC
Published
2026-07-13 06:35 UTC
Last updated
2026-07-13 06:35 UTC
Primary CWE
CWE-912
CWE-912 Hidden Functionality
Vendor / Product
WAGO / 0765-110x/0100-0000
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (8)
VendorProductPlatformVersions
WAGO 0765-110x/0100-0000 1.0.0.0 < 1.2.1.100
WAGO 0765-120x/0100-0000 1.0.0.0 < 1.2.7.100
WAGO 0765-150x/0100-0000 1.0.0.0 < 1.2.7.103
WAGO 0765-2101/0100-0000 1.0.0.0 < 1.2.1.102
WAGO 0765-2102/0100-0000 1.0.0.0 < 1.2.5.101
WAGO 0765-410x/0100-0000 1.0.0.0 < 1.2.1.100
WAGO 0765-420x/0100-0000 1.0.0.0 < 1.2.7.100
WAGO 0765-450x/0100-0000 1.0.0.0 < 1.2.7.103
Weakness (CWE)
CWESourceDescription
CWE-912 cna CWE-912 Hidden Functionality
CVSS scores (2)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview