CVE-2026-6284

Summary

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

Affected Software

VendorProductVersion RangeStatus
Horner AutomationCscape10.0affected
Horner AutomationXL7 PLC15.60affected
Horner AutomationXL4 PLC16.32.0affected

Weaknesses

  • CWE-521: CWE-521

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References