CVE-2026-24790
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
AnalysisAI
Unauthenticated remote attackers can manipulate the underlying PLC controller on affected devices due to missing authentication controls, enabling modification of device operations and potential service disruption. The vulnerability requires no user interaction and can be exploited over the network, with no official patch currently available to mitigate the risk.
Technical ContextAI
Classified as CWE-306 (Missing Authentication for Critical Function). The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
Affected ProductsAI
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today