Back to overview

WAGO: Early-Boot Diagnostic Exposure in WAGO System I/O Field Devices

VDE-2026-031
Last update
07/13/2026 09:00
Published at
07/13/2026 09:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2026-031
CSAF Document

Summary

Certain devices in the WAGO System I/O Field series enable an internal diagnostic capability during the initial stages of system startup. This behavior, which is not part of the publicly documented feature set, briefly allows access to system functions before the main operating environment becomes fully active. Under specific conditions, this could permit interactions with system components that are normally protected during regular operation.

Impact

If network access is available during the early startup phase, an external party may be able to influence device behavior in ways not intended for routine operation. This could potentially affect system integrity or configuration prior to the full initialization of security mechanisms.

Affected Product(s)

Model no. Product name Affected versions
0765-110?/0100-0000 0765-110x/0100-0000 Firmware <1.2.1.100
0765-120?/0100-0000 0765-120x/0100-0000 Firmware <1.2.7.100
0765-150?/0100-0000 0765-150x/0100-0000 Firmware <1.2.7.103
0765-210?/0100-0000 0765-2101/0100-0000 Firmware <1.2.1.102
0765-2102/0100-0000 0765-2102/0100-0000 Firmware <1.2.5.101
0765-410?/0100-0000 0765-410x/0100-0000 Firmware <1.2.1.100
0765-420?/0100-0000 0765-420x/0100-0000 Firmware <1.2.7.100
0765-450?/0100-0000 0765-450x/0100-0000 Firmware <1.2.7.103

Vulnerabilities

Expand / Collapse all

Published
07/13/2026 09:20
Weakness
Hidden Functionality (CWE-912)
Summary

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.

References

Remediation

Update to the listed fixed versions of the affected firmwares:

Fixed Version Product Name
1.2.1.100 I/O System Field 0765-110x/0100-0000
1.2.7.100 I/O System Field 0765-120x/0100-0000
1.2.7.103 I/O System Field 0765-150x/0100-0000
1.2.1.102 I/O System Field 0765-2101/0100-0000
1.2.5.101 I/O System Field 0765-2102/0100-0000
1.2.1.100 I/O System Field 0765-410x/0100-0000
1.2.7.100 I/O System Field 0765-420x/0100-0000
1.2.7.103 I/O System Field 0765-450x/0100-0000

Acknowledgments

WAGO GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 07/13/2026 09:00 Release version.