CVE-2026-0393 | THREATINT

Description

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.

PUBLISHED Reserved 2025-11-27 | Published 2026-05-21 | Updated 2026-05-21 | Assigner CERTVDE

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status

unaffected

1.0.0.0 (semver) before 4.10.0.0

affected

Credits

Silvan Schweizer from CTA AG finder

References

codesys.csaf-tp.certvde.com/...sory2026-07_vde-2026-052.json vendor-advisory

cve.org (CVE-2026-0393)

nvd.nist.gov (CVE-2026-0393)

Download JSON