Which versions of Brute Force are affected by CVE-2026-6284?

Horner Automation XL4/XL7 PLCs and Cscape software are vulnerable to remote unauthenticated brute force attacks that could allow attackers to gain administrative access to industrial control systems.

Brute Force CVE-2026-6284

Q: What is the CVSS score of CVE-2026-6284?

CVE-2026-6284 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23442 CRITICAL

Weak Password Requirements (CWE-521)

2026-04-17 icscert

GHSA-r9f4-h79v-5p47

Authentication Bypass Brute Force

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

Apr 17, 2026 - 16:22 NVD

9.1 (CRITICAL) 9.3 (CRITICAL)

Analysis Generated

Apr 17, 2026 - 16:08 vuln.today

EUVD ID Assigned

Apr 17, 2026 - 15:45 euvd

EUVD-2026-23442

Analysis Generated

Apr 17, 2026 - 15:45 vuln.today

CVE Published

Apr 17, 2026 - 15:14 nvd

CRITICAL 9.3

DescriptionNVD

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

AnalysisAI

Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. …

RemediationAI

Within 24 hours: Identify all Horner XL4/XL7 PLCs and Cscape installations in your operational technology environment using network discovery tools; document firmware and software versions. Within 7 days: Implement network segmentation to restrict administrative access to affected systems to authorized personnel only; enforce strong password policies (minimum 12 characters, mixed complexity) on all accessible management interfaces; enable connection logging on network access points to affected devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6284 vulnerability details – vuln.today

Back

Brute Force CVE-2026-6284

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Brute Force CVE-2026-6284

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code