CVE-2026-1453
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| KiloView | Encoder Series E1 hardware Version 1.4 | 4.7.2516 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.7.2511 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.8.2523 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.8.2611 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.6.2400 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.7.2512 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.8.2561 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.8.2554 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.3.2029 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.8.2555 | affected |
| KiloView | Encoder Series E1 hardware Version 1.6.20 | 4.6.2408 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.7.2516 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2519 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2525 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2611 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2561 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2554 | affected |
| KiloView | Encoder Series E1-s hardware Version 1.4 | 4.8.2523 | affected |
| KiloView | Encoder Series E2 hardware Version 1.7.20 | 4.8.2611 | affected |
| KiloView | Encoder Series E2 hardware Version 1.7.20 | 4.8.2561 | affected |
| KiloView | Encoder Series E2 hardware Version 1.8.20 | 4.8.2523 | affected |
| KiloView | Encoder Series E2 hardware Version 1.8.20 | 4.8.2611 | affected |
| KiloView | Encoder Series E2 hardware Version 1.8.20 | 4.8.2554 | affected |
| KiloView | Encoder Series G1 hardware Version 1.6.20 | 4.8.2561 | affected |
| KiloView | Encoder Series P1 hardware Version 1.3.20 | 4.8.2633 | affected |
| KiloView | Encoder Series P1 hardware Version 1.3.20 | 4.8.2608 | affected |
| KiloView | Encoder Series P2 hardware Version 1.8.20 | 4.8.2633 | affected |
| KiloView | Encoder Series RE1 hardware Version 2.0.00 | 4.7.2513 | affected |
| KiloView | Encoder Series RE1 hardware Version 3.0.00 | 4.8.2519 | affected |
| KiloView | Encoder Series RE1 hardware Version 3.0.00 | 4.8.2561 | affected |
| KiloView | Encoder Series RE1 hardware Version 3.0.00 | 4.8.2611 | affected |
| KiloView | Encoder Series RE1 hardware Version 3.0.00 | 4.8.2525 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
KiloView has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of KiloView Encoder Series are invited to contact KiloView customer support for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.