← voltar
CVE-2026-6284

Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

CVSS 9.3 CRITICALEPSS 0.4%CWE-521
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.3EPSS 0.4%KEV nãoPoC Patch
Ciclo de vida
17 abr 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Horner Automation · CscapeHorner Automation · XL4 PLCHorner Automation · XL7 PLC

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.jsonhttps://hornerautomation.com/cscape-software-free/cscape-software/https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02