CVE-2026-6284

Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

CVSS 9.3 CRITICALEPSS 0.4%CWE-521

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Apr 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products

Horner Automation · Cscape Horner Automation · XL4 PLC Horner Automation · XL7 PLC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json https://hornerautomation.com/cscape-software-free/cscape-software/https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02