CVE-2026-6284 | THREATINT

Description

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

PUBLISHED Reserved 2026-04-14 | Published 2026-04-17 | Updated 2026-04-20 | Assigner icscert

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-521

Product status

Default status

unaffected

10.0

affected

Default status

unaffected

15.60

affected

Default status

unaffected

16.32.0

affected

Credits

An anonymous researcher reported this vulnerability to CISA finder

References

hornerautomation.com/cscape-software-free/cscape-software/

www.cisa.gov/news-events/ics-advisories/icsa-26-106-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-106-02.json

cve.org (CVE-2026-6284)

nvd.nist.gov (CVE-2026-6284)

Download JSON