Home
CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NCRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
1.0.0.0 (semver) before 1.2.1.100
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.7.100
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.7.103
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.1.102
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.5.101
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.1.100
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.7.100
affected
Default status
unaffected
1.0.0.0 (semver) before 1.2.7.103
affected
Description
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
Problem types
Product status
1.0.0.0 (semver) before 1.2.1.100
1.0.0.0 (semver) before 1.2.7.100
1.0.0.0 (semver) before 1.2.7.103
1.0.0.0 (semver) before 1.2.1.102
1.0.0.0 (semver) before 1.2.5.101
1.0.0.0 (semver) before 1.2.1.100
1.0.0.0 (semver) before 1.2.7.100
1.0.0.0 (semver) before 1.2.7.103
References
www.certvde.com/en/advisories/VDE-2026-031/