← volver
CVE-2026-1453

Missing Authentication for Critical Function in KiloView Encoder Series

CVSS 9.3 CRITICALEPSS 0.5%CWE-306
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
KiloView · Encoder Series E1 hardware Version 1.4KiloView · Encoder Series E1 hardware Version 1.6.20KiloView · Encoder Series E1-s hardware Version 1.4KiloView · Encoder Series E2 hardware Version 1.7.20KiloView · Encoder Series E2 hardware Version 1.8.20KiloView · Encoder Series G1 hardware Version 1.6.20KiloView · Encoder Series P1 hardware Version 1.3.20KiloView · Encoder Series P2 hardware Version 1.8.20KiloView · Encoder Series RE1 hardware Version 2.0.00KiloView · Encoder Series RE1 hardware Version 3.0.00

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01