Skip to main content

Storage Concentrator CVE-2026-50110

| EUVDEUVD-2026-40846 CRITICAL
Use of Hard-coded Credentials (CWE-798)
2026-06-30 ics-cert@hq.dhs.gov GHSA-7x9m-9r4j-r94f
9.3
CVSS 4.0 · Vendor: hq
Share

Severity by source

Vendor (hq) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.2 CRITICAL

Credentials read locally from a config file (AV:L) with no further auth, and the recovered secrets unlock other back-end systems, justifying S:C with high C/I and low A impact.

3.1 AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Primary rating from Vendor (hq).

CVSS VectorVendor: hq

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:30 vuln.today

DescriptionCVE.org

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.

AnalysisAI

Credential exposure in StoneFly Storage Concentrator (SC) and its virtual machine variant (SCVM) lets an attacker recover plaintext credentials for numerous internal services from a configuration file where they are stored using reversible encoding rather than encryption. The hardcoded accounts cover databases, licensing, replication, and third-party integrations, so recovering them grants pivoting access across multiple interconnected systems. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local/admin access to SC or SCVM
Delivery
Read service configuration file
Exploit
Reverse encoding to plaintext credentials
Execution
Authenticate to database/replication/integration accounts
Persist
Pivot across interconnected storage systems
Impact
Exfiltrate or tamper with data

Vulnerability AssessmentAI

Exploitation Requires local access to read the appliance configuration file on StoneFly Storage Concentrator (SC) or SCVM where the encoded credentials reside (CVSS AV:L), after which no further authentication or user interaction is modeled (PR:N/UI:N) - the attacker simply reverses the known encoding to obtain plaintext. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals partly conflict and warrant careful triage. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with local or administrative access to an SC/SCVM appliance - for example a semi-trusted operator, a contractor, or an adversary who has already gained an initial foothold - reads the configuration file and applies the known reversible decoding to recover plaintext service credentials. They then reuse the recovered database, replication, and integration passwords to authenticate to connected back-end systems and pivot laterally across the storage environment. …
Remediation No vendor-released patch version is identified in the provided data - review the CISA advisory ICSA-26-181-06 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06) and contact StoneFly (https://stonefly.com/contact-us/) for the fixed firmware/SCVM release and apply it as the primary fix; if the vendor provides a build that rotates or randomizes the embedded credentials, deploy it and then force-rotate every affected back-end secret (database, licensing, replication, integration accounts), since the original cleartext values must be considered compromised. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit and restrict local access (physical console, SSH, RDP) to all StoneFly SC/SCVM instances; review access logs for unauthorized activity; notify teams managing systems that consume StoneFly credentials. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-50110 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy