Search
Find a vulnerability
Search criteria
2 vulnerabilities found for 0765-450x/0100-0000 by WAGO
CVE-2026-4769 (GCVE-0-2026-4769)
Vulnerability from nvd – Published: 2026-07-13 06:35 – Updated: 2026-07-13 14:44
VLAI
EPSS
VEX
Title
Unauthenticated Access to Internal Diagnostic Interface
Summary
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | 0765-110x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.100
(semver)
|
|
| WAGO | 0765-120x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.100
(semver)
|
|
| WAGO | 0765-150x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.103
(semver)
|
|
| WAGO | 0765-2101/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.102
(semver)
|
|
| WAGO | 0765-2102/0100-0000 |
Affected:
1.0.0.0 , < 1.2.5.101
(semver)
|
|
| WAGO | 0765-410x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.100
(semver)
|
|
| WAGO | 0765-420x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.100
(semver)
|
|
| WAGO | 0765-450x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.103
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T14:44:35.455141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T14:44:48.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0765-110x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-120x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-150x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.103",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-2101/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.102",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-2102/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.5.101",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-410x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-420x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-450x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.103",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.103",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.102",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5.101",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.103",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCertain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.\u003c/p\u003e"
}
],
"value": "Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T06:35:01.116Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.certvde.com/en/advisories/VDE-2026-031/"
}
],
"source": {
"advisory": "VDE-2026-031",
"defect": [
"CERT@VDE#641997"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Access to Internal Diagnostic Interface",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-4769",
"datePublished": "2026-07-13T06:35:01.116Z",
"dateReserved": "2026-03-24T13:19:36.714Z",
"dateUpdated": "2026-07-13T14:44:48.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4769 (GCVE-0-2026-4769)
Vulnerability from cvelistv5 – Published: 2026-07-13 06:35 – Updated: 2026-07-13 14:44
VLAI
EPSS
VEX
Title
Unauthenticated Access to Internal Diagnostic Interface
Summary
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | 0765-110x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.100
(semver)
|
|
| WAGO | 0765-120x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.100
(semver)
|
|
| WAGO | 0765-150x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.103
(semver)
|
|
| WAGO | 0765-2101/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.102
(semver)
|
|
| WAGO | 0765-2102/0100-0000 |
Affected:
1.0.0.0 , < 1.2.5.101
(semver)
|
|
| WAGO | 0765-410x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.1.100
(semver)
|
|
| WAGO | 0765-420x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.100
(semver)
|
|
| WAGO | 0765-450x/0100-0000 |
Affected:
1.0.0.0 , < 1.2.7.103
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T14:44:35.455141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T14:44:48.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0765-110x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-120x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-150x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.103",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-2101/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.102",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-2102/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.5.101",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-410x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.1.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-420x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.100",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0765-450x/0100-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.7.103",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.103",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.102",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.5.101",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.100",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.7.103",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCertain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.\u003c/p\u003e"
}
],
"value": "Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T06:35:01.116Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.certvde.com/en/advisories/VDE-2026-031/"
}
],
"source": {
"advisory": "VDE-2026-031",
"defect": [
"CERT@VDE#641997"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Access to Internal Diagnostic Interface",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-4769",
"datePublished": "2026-07-13T06:35:01.116Z",
"dateReserved": "2026-03-24T13:19:36.714Z",
"dateUpdated": "2026-07-13T14:44:48.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}