Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.
AnalysisAI
TCP packet injection vulnerability in Anviz CrossChex Standard allows adjacent network attackers to manipulate or disrupt client/server communications without authentication. The application fails to verify the source of TCP packets, enabling attackers on the same network segment to inject malicious traffic and alter application behavior or cause denial of service. CISA ICS-CERT reported this affecting physical access control and time attendance systems. EPSS data not available; no confirmed active exploitation or public exploit code identified at time of analysis.
Technical ContextAI
Anviz CrossChex Standard is a workforce management platform used for time attendance and access control in industrial and commercial environments. The vulnerability stems from CWE-940 (Improper Verification of Source of a Communication Channel), where the application accepts TCP packets on its client/server channel without authenticating the packet source or validating session integrity. This allows an attacker with adjacent network access to spoof legitimate endpoints and inject crafted TCP packets into active sessions. The lack of cryptographic binding or source validation in the protocol design enables session hijacking and man-in-the-middle manipulation of command/control traffic between CrossChex clients and servers. The affected product CPE (cpe:2.3:a:anviz:anviz_crosschex_standard) indicates all versions are potentially vulnerable, though specific version ranges are not detailed in available data.
RemediationAI
Contact Anviz vendor support at https://www.anviz.com/contact-us.html to request patch availability and affected version confirmation, as no specific patch version is identified in CISA advisory ICSA-26-106-03. Consult the CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json for potential updated guidance. Immediate compensating controls: implement network segmentation to isolate CrossChex server and client communications on a dedicated VLAN with strict access control lists permitting only authorized management workstations (reduces adjacent network attack surface but requires network infrastructure changes and may complicate legitimate remote administration). Deploy stateful firewall rules or intrusion prevention signatures to detect and block TCP session anomalies such as sequence number irregularities or duplicate packets from unexpected MAC addresses (effectiveness depends on IPS signature availability and may generate false positives in complex network topologies). Consider deploying the application behind a VPN or encrypted tunnel to provide cryptographic session integrity that the application layer lacks (adds operational complexity and potential performance overhead). Monitor network traffic for unexpected TCP connections to CrossChex server ports from non-standard source addresses as an detection control.
More in Anviz Crosschex Standard
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23533
GHSA-qg37-cwrh-945r