CVE-2026-4769

WAGO · 0765-110x/0100-0000

WAGO System I/O Field series devices contain undocumented diagnostic functionality accessible without authentication during the boot sequence, leading to full system compromise.

Executive summary

Undocumented diagnostic functionality in WAGO System I/O Field devices allows unauthenticated remote attackers to gain full system control during the device startup phase.

Vulnerability

WAGO devices expose undocumented diagnostic capabilities during startup that do not require authentication. An unauthenticated remote attacker can exploit this window to gain unauthorized access to internal system processes.

Business impact

Full system compromise of industrial I/O devices can lead to physical process disruption, safety hazards, and loss of control over industrial operations. The CVSS score of 9.8 reflects the critical nature of this vulnerability in an operational technology (OT) environment.

Remediation

Immediate Action: Update the affected WAGO devices to the patched firmware versions provided in the vendor's security advisory.

Proactive Monitoring: Monitor network traffic for unusual connection attempts targeting industrial devices, particularly during system reboot cycles.

Compensating Controls: Isolate WAGO I/O devices within restricted OT network segments and implement strict firewall rules to prevent unauthorized remote access to the devices.

Exploitation status

Public Exploit Available: No (No confirmed public exploit available in current data).

Analyst recommendation

This vulnerability presents a significant risk to industrial safety and reliability. Operators must prioritize firmware updates and network isolation to protect these critical assets from potential exploitation.