Skip to main content

WAGO I/O-Field CVE-2026-4769

| EUVDEUVD-2026-43297 CRITICAL
Hidden Functionality (CWE-912)
2026-07-13 CERTVDE GHSA-2r6r-vgg5-p59v
9.3
CVSS 4.0 · Vendor: CERTVDE
Share

Severity by source

Vendor (CERTVDE) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Unauthenticated network access yields full impact (PR:N, C/I/A:H), but the interface is only reachable during a fleeting boot window, a timing condition outside attacker control, so AC:H.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CERTVDE).

CVSS VectorVendor: CERTVDE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 13, 2026 - 09:01 EUVD
Analysis Generated
Jul 13, 2026 - 08:21 vuln.today
CVE Published
Jul 13, 2026 - 06:35 cve.org
CRITICAL 9.3

DescriptionCVE.org

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

AnalysisAI

Full system compromise of WAGO System I/O-Field series controllers (0765-xxx families) is possible when an unauthenticated remote attacker reaches an undocumented internal diagnostic interface that is briefly exposed during the device's early boot phase. Because the diagnostic capability requires no authentication and grants access to internal system processes, a successful attacker obtains complete control over confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach device on OT network
Delivery
Wait for or induce reboot
Exploit
Connect during early-boot window
Execution
Access undocumented diagnostic interface
Persist
Interact with internal system processes
Impact
Full controller compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to the affected WAGO System I/O-Field 0765-series device AND that the device be in its initial startup/early boot sequence, during which the undocumented internal diagnostic capability is temporarily activated and reachable without authentication. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals mostly align on high severity but with one important nuance. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to a WAGO 0765 controller waits for or induces a device reboot, then connects to the undocumented diagnostic interface during the brief early-boot window and interacts with internal system processes to seize full control of the controller. No credentials or user interaction are required. …
Remediation No vendor-released patched firmware version is stated in the available data, so consult the CERT@VDE advisory VDE-2026-031 (https://www.certvde.com/en/advisories/VDE-2026-031/) for WAGO's official fixed-firmware guidance and apply it once published; do not act on invented version numbers. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all WAGO System I/O-Field series controller (0765-xxx) installations and assess their network exposure, documenting connection points and data criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4769 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy