Home

Description

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can take over a device without user interaction while the device remains online and unaware.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-12 | Updated 2026-06-12 | Assigner icscert




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-639 Authorization bypass through User-Controlled key

Product status

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Credits

Temuri Takalandze reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-162-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-162-02.json

cve.org (CVE-2026-42947)

nvd.nist.gov (CVE-2026-42947)

Download JSON