Which versions of Ingecon Sun EMS Board are affected by CVE-2026-8072?

Ingeteam's Ingecon Sun EMS Board contains a critical vulnerability in its Technical Support access mechanism that allows unauthenticated remote attackers to generate valid privileged credentials…. A patch is available.

Ingecon Sun EMS Board CVE-2026-8072

Q: What is the CVSS score of CVE-2026-8072?

CVE-2026-8072 has a CVSS 4.0 base score of 9.2 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-29445 CRITICAL

Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

2026-05-12 INCIBE

GHSA-4h3h-6vxm-m4vr

Privilege Escalation

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 10:31 vuln.today

CVSS changed

May 12, 2026 - 10:22 NVD

9.2 (CRITICAL)

CVE Published

May 12, 2026 - 09:57 nvd

CRITICAL 9.2

DescriptionNVD

Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.

AnalysisAI

Weak credential generation in Ingeteam's Ingecon Sun EMS Board Technical Support access mechanism allows remote privilege escalation via cryptographic weakness. The SAT (Technical Support) access feature generates credentials using a weak hashing algorithm instead of cryptographically secure methods, enabling attackers to predict or derive privileged access credentials. …

RemediationAI

Within 24 hours: Identify all Ingecon Sun EMS Board deployments and disable or restrict network access to the Technical Support (SAT) access feature pending patch deployment. Within 7 days: Apply vendor-released patch to all affected Ingecon Sun EMS Board systems (confirm exact patched version from INCIBE advisory and Ingeteam vendor documentation). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8072 vulnerability details – vuln.today

Back

Ingecon Sun EMS Board CVE-2026-8072

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Ingecon Sun EMS Board CVE-2026-8072

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code