Skip to main content

Anviz Crosschex Standard CVE-2026-40434

| EUVDEUVD-2026-23533 HIGH
Improper Verification of Source of a Communication Channel (CWE-940)
2026-04-17 icscert GHSA-qg37-cwrh-945r
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 20:37 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 20:15 euvd
EUVD-2026-23533
Analysis Generated
Apr 17, 2026 - 20:15 vuln.today
CVE Published
Apr 17, 2026 - 19:49 nvd
HIGH 8.1

DescriptionCVE.org

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

AnalysisAI

TCP packet injection vulnerability in Anviz CrossChex Standard allows adjacent network attackers to manipulate or disrupt client/server communications without authentication. The application fails to verify the source of TCP packets, enabling attackers on the same network segment to inject malicious traffic and alter application behavior or cause denial of service. CISA ICS-CERT reported this affecting physical access control and time attendance systems. EPSS data not available; no confirmed active exploitation or public exploit code identified at time of analysis.

Technical ContextAI

Anviz CrossChex Standard is a workforce management platform used for time attendance and access control in industrial and commercial environments. The vulnerability stems from CWE-940 (Improper Verification of Source of a Communication Channel), where the application accepts TCP packets on its client/server channel without authenticating the packet source or validating session integrity. This allows an attacker with adjacent network access to spoof legitimate endpoints and inject crafted TCP packets into active sessions. The lack of cryptographic binding or source validation in the protocol design enables session hijacking and man-in-the-middle manipulation of command/control traffic between CrossChex clients and servers. The affected product CPE (cpe:2.3:a:anviz:anviz_crosschex_standard) indicates all versions are potentially vulnerable, though specific version ranges are not detailed in available data.

RemediationAI

Contact Anviz vendor support at https://www.anviz.com/contact-us.html to request patch availability and affected version confirmation, as no specific patch version is identified in CISA advisory ICSA-26-106-03. Consult the CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json for potential updated guidance. Immediate compensating controls: implement network segmentation to isolate CrossChex server and client communications on a dedicated VLAN with strict access control lists permitting only authorized management workstations (reduces adjacent network attack surface but requires network infrastructure changes and may complicate legitimate remote administration). Deploy stateful firewall rules or intrusion prevention signatures to detect and block TCP session anomalies such as sequence number irregularities or duplicate packets from unexpected MAC addresses (effectiveness depends on IPS signature availability and may generate false positives in complex network topologies). Consider deploying the application behind a VPN or encrypted tunnel to provide cryptographic session integrity that the application layer lacks (adds operational complexity and potential performance overhead). Monitor network traffic for unexpected TCP connections to CrossChex server ports from non-standard source addresses as an detection control.

Share

CVE-2026-40434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy