CVE-2026-3323

Summary

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

Affected Software

VendorProductVersion RangeStatus
VEGA GrieshaberVEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)1.0.0affected
VEGA GrieshaberVEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)1.1.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References