CVE-2026-8072

Summary

Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.

Affected Software

VendorProductVersion RangeStatus
IngeteamIngecon Sun EMS Board0 <= AAX1055CTaffected
IngeteamIngecon Sun EMS Board0 <= ABU1001_Paffected
IngeteamIngecon Sun EMS Board0 <= ACL1201_Baffected
IngeteamIngecon Sun EMS Board0 <= ACL1200ALaffected
IngeteamIngecon Sun EMS Board0 <= ABH1027_Kaffected
IngeteamIngecon Sun EMS Board0 <= ABH1007_Zaffected
IngeteamIngecon Sun EMS Board0 <= ABS1009_Laffected
IngeteamIngecon Sun EMS Board0 <= ABS1005_Taffected
IngeteamIngecon Sun EMS Board0 <= ACB1005_Aaffected
IngeteamIngecon Sun EMS Board0 <= AAX1031CNaffected
IngeteamIngecon Sun EMS BoardAAX1055CUunaffected
IngeteamIngecon Sun EMS BoardABU1001_Qunaffected
IngeteamIngecon Sun EMS BoardACL1201_Cunaffected
IngeteamIngecon Sun EMS BoardACL1200AMunaffected
IngeteamIngecon Sun EMS BoardABH1027_Lunaffected
IngeteamIngecon Sun EMS BoardABH1007AAunaffected
IngeteamIngecon Sun EMS BoardABS1009_Punaffected
IngeteamIngecon Sun EMS BoardABS1005_Uunaffected
IngeteamIngecon Sun EMS BoardACB1005_Cunaffected
IngeteamIngecon Sun EMS BoardAAX1031COunaffected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References