Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.certvde.com/en/advisories/VDE-2026-031/ |
|
History
Mon, 13 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise. | |
| Title | Unauthenticated Access to Internal Diagnostic Interface | |
| First Time appeared |
Wago
Wago field Profinet |
|
| Weaknesses | CWE-912 | |
| CPEs | cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:* cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Wago
Wago field Profinet |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: CERTVDE
Published:
Updated: 2026-07-13T06:35:01.116Z
Reserved: 2026-03-24T13:19:36.714Z
Link: CVE-2026-4769
No data.
No data.
No data.
OpenCVE Enrichment
No data.