Home

Description

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-22 | Updated 2026-01-23 | Assigner icscert




MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-261

Product status

Default status
unaffected

C0-0x
affected

C0-1x
affected

C2-x
affected

V3.90
unaffected

Credits

Dylan Chambers Bourgeois of Triskele Labs reported these vulnerabilities to CISA finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-022-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-022-02.json

cve.org (CVE-2025-67652)

nvd.nist.gov (CVE-2025-67652)

Download JSON