CVE-2026-6284
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Horner Automation | Cscape | 10.0 | affected |
| Horner Automation | XL7 PLC | 15.60 | affected |
| Horner Automation | XL4 PLC | 16.32.0 | affected |
Weaknesses
- CWE-521: CWE-521
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://hornerautomation.com/cscape-software-free/cscape-software/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.