CVE-2026-4769
Received Received - Intake

Unauthenticated Diagnostic Mode Access in WAGO System I/O Field Series

Vulnerability report for CVE-2026-4769, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: CERT VDE

Description

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wago system_i_o_field to specified_fixed_versions (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Certain devices in the WAGO System I/O Field series have an undocumented internal diagnostic feature that activates briefly during the early startup phase before the main operating environment initializes.

During this short window, the diagnostic capability is accessible without authentication, allowing an unauthenticated remote attacker to access internal system processes.

This unauthorized access can lead to a full system compromise because security mechanisms are not yet fully active during this early boot phase.

Impact Analysis

If you use affected WAGO System I/O Field devices, an attacker could remotely exploit this vulnerability during the device's early boot phase.

This could allow the attacker to gain unauthorized access to internal system processes and potentially take full control of the device.

Such a full system compromise could lead to disruption of device operations, unauthorized data access, or manipulation of system functions.

Mitigation Strategies

To mitigate the risk of this vulnerability, users should update to the latest firmware releases provided by WAGO.

The updated firmware disables the early-boot diagnostic exposure that allows unauthenticated remote attackers to access internal system processes during startup.

Compliance Impact

The vulnerability allows unauthenticated remote attackers to gain full system compromise during a brief early boot phase, potentially exposing sensitive internal system processes. Such unauthorized access could lead to breaches of confidentiality, integrity, and availability of data handled by the affected devices.

This type of security weakness may impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and systems against unauthorized access and compromise.

However, the provided context and resources do not explicitly discuss the direct effects of this vulnerability on compliance with these or other specific standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart