CVE-2026-4769: CWE-912 Hidden Functionality in WAGO 0765-110x/0100-0000
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
AI Analysis
Technical Summary
The WAGO 0765-110x/0100-0000 device firmware version 1.0.0.0 includes an undocumented internal diagnostic capability that activates during the initial boot sequence. This hidden functionality is accessible remotely without authentication for a short period, enabling attackers to interact with internal system processes. Exploitation during this window can lead to full system compromise. The vulnerability is identified as CWE-912, indicating the presence of hidden functionality that can be abused. No official remediation or patch is currently documented by the vendor.
Potential Impact
An unauthenticated remote attacker can gain full control over the affected device during the early boot phase by exploiting the undocumented diagnostic mode. This results in complete system compromise, potentially allowing manipulation or disruption of device operations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or mitigation has been documented. Until a patch is available, consider restricting network access to the device during startup if possible or monitoring device behavior closely during boot sequences.
CVE-2026-4769: CWE-912 Hidden Functionality in WAGO 0765-110x/0100-0000
Description
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
CVSS v4.0
Score 9.3critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The WAGO 0765-110x/0100-0000 device firmware version 1.0.0.0 includes an undocumented internal diagnostic capability that activates during the initial boot sequence. This hidden functionality is accessible remotely without authentication for a short period, enabling attackers to interact with internal system processes. Exploitation during this window can lead to full system compromise. The vulnerability is identified as CWE-912, indicating the presence of hidden functionality that can be abused. No official remediation or patch is currently documented by the vendor.
Potential Impact
An unauthenticated remote attacker can gain full control over the affected device during the early boot phase by exploiting the undocumented diagnostic mode. This results in complete system compromise, potentially allowing manipulation or disruption of device operations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or mitigation has been documented. Until a patch is available, consider restricting network access to the device during startup if possible or monitoring device behavior closely during boot sequences.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERTVDE
- Date Reserved
- 2026-03-24T13:19:36.714Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a54990e68715ace436e949f
Added to database: 07/13/2026, 07:51:42 UTC
Last enriched: 07/13/2026, 07:52:27 UTC
Last updated: 07/13/2026, 23:48:37 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.