Skip to main content

VEGAPULS 6X CVE-2026-3323

| EUVDEUVD-2026-26030 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-04-28 CERTVDE
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 28, 2026 - 11:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 28, 2026 - 11:22 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 11:15 vuln.today
EUVD ID Assigned
Apr 28, 2026 - 11:00 euvd
EUVD-2026-26030
Analysis Generated
Apr 28, 2026 - 11:00 vuln.today
CVE Published
Apr 28, 2026 - 10:24 nvd
HIGH 7.5

DescriptionCVE.org

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

AnalysisAI

Remote unauthenticated access to sensitive data in VEGA VEGAPULS 6X Two-Wire industrial sensors exposes hashed credentials and access codes via unsecured configuration interface. Network-accessible interface (AV:N/AC:L/PR:N/UI:N) allows attackers to extract authentication materials without any prerequisites, enabling credential cracking and potential lateral movement in industrial networks. EPSS and KEV data not available; CERTVDE advisory confirms vulnerability in Ethernet-APL enabled industrial level measurement devices running PROFINET, Modbus TCP, and OPC UA protocols. No public exploit identified at time of analysis, though exploitation trivial due to lack of authentication requirement.

Technical ContextAI

VEGAPULS 6X is an industrial level measurement sensor supporting two-wire PROFINET, Modbus TCP, and OPC UA protocols over Ethernet-APL (Advanced Physical Layer) infrastructure. The affected CPE string identifies the Ethernet-APL variant, which is designed for process automation environments requiring intrinsically safe communication over extended distances. CWE-306 (Missing Authentication for Critical Function) indicates the configuration interface completely lacks authentication controls rather than having weak authentication. This is a common vulnerability class in industrial control systems where devices are deployed assuming network segmentation provides security, but modern IT/OT convergence and remote access requirements increasingly expose these interfaces. The configuration interface likely operates over HTTP/HTTPS or a proprietary TCP protocol on standard Ethernet-APL networking, making it accessible to any network-connected attacker who can route to the device.

RemediationAI

Consult the VEGA CERTVDE advisory VDE-2026-016 at https://certvde.com/en/advisories/VDE-2026-016 and CSAF document at https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json for vendor-released patch information and exact firmware versions containing the fix. Patched version number not independently confirmed from available data. If firmware updates are not immediately deployable in operational environments, implement compensating network controls: isolate VEGAPULS 6X devices on dedicated OT network segments with no direct routing from corporate IT networks; apply firewall rules blocking access to configuration interface ports except from authorized engineering workstations using IP whitelisting (note: breaks remote access workflows); deploy IDS/IPS signatures to detect unauthorized configuration interface access attempts (generates alerts but does not prevent initial credential exposure); implement VPN with multi-factor authentication for any required remote access to OT segments containing these devices (adds complexity to legitimate maintenance). These workarounds reduce attack surface but do not eliminate the vulnerability and may impact operational procedures requiring remote configuration access. Review and rotate any credentials potentially exposed prior to applying patches.

Share

CVE-2026-3323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy