Skip to main content

Brute Force EUVDEUVD-2026-23442

| CVE-2026-6284 CRITICAL
Weak Password Requirements (CWE-521)
2026-04-17 icscert GHSA-r9f4-h79v-5p47
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
Apr 17, 2026 - 16:22 NVD
9.1 (CRITICAL) 9.3 (CRITICAL)
Analysis Generated
Apr 17, 2026 - 16:08 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 15:45 euvd
EUVD-2026-23442
Analysis Generated
Apr 17, 2026 - 15:45 vuln.today
CVE Published
Apr 17, 2026 - 15:14 nvd
CRITICAL 9.3

DescriptionCVE.org

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

AnalysisAI

Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.

Technical ContextAI

Horner Automation Cscape is an engineering software platform for programming XL-series programmable logic controllers (PLCs) used in industrial automation. The vulnerability stems from CWE-521 (Weak Password Requirements), where authentication mechanisms lack two critical security controls: insufficient password complexity enforcement and missing brute-force mitigation (no account lockout, rate limiting, or CAPTCHA). Affected products per CPE data include Cscape software (cpe:2.3:a:horner_automation:cscape) and XL7/XL4 PLC firmware (cpe:2.3:a:horner_automation:xl7_plc and xl4_plc). The network-accessible nature (AV:N) indicates these authentication endpoints are exposed on TCP/IP interfaces, typical for PLC remote management protocols like Modbus TCP, EtherNet/IP, or proprietary OPC interfaces. In OT environments, PLCs often have predictable IP addresses on flat networks, making them discoverable through industrial protocol scanning tools like PLCScan or Nmap NSE scripts.

RemediationAI

Apply vendor-released updates from Horner Automation's Cscape software download page (https://hornerautomation.com/cscape-software-free/cscape-software/) - specific patched version numbers not confirmed in source data, consult vendor advisory for exact release addressing CVE-2026-6284. After patching, immediately change all PLC passwords to complex credentials (minimum 16 characters, mixed case, numbers, symbols) and disable default accounts. Compensating controls if patching is delayed: (1) Network segmentation - isolate PLCs on dedicated OT VLANs with firewall rules blocking port 80/443/502/44818 from corporate networks, allowing only engineering workstations via ACLs (trade-off: breaks remote monitoring until VPN configured). (2) Deploy industrial protocol firewall or IDS (Claroty, Nozomi, Dragos) to detect brute force patterns like rapid authentication failures or password spraying (trade-off: requires capital investment and OT security expertise). (3) Implement jump host architecture where engineers RDP into hardened bastion before accessing PLC programming interfaces (trade-off: adds operational friction, requires identity management integration). Note: Simply disabling network access is NOT viable for most OT environments requiring HMI connectivity - risk acceptance with monitoring may be necessary until patching window.

CVE-2012-2441 HIGH POC
8.5 Apr 28

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address fi

CVE-2024-42850 CRITICAL POC
9.8 Aug 16

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity

CVE-2025-28200 CRITICAL POC
9.8 May 09

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits o

CVE-2025-28389 CRITICAL POC
9.8 Jun 13

Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable br

CVE-2025-63747 CRITICAL POC
9.8 Nov 17

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immedia

CVE-2023-37756 CRITICAL POC
9.8 Sep 14

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creatio

CVE-2023-2160 CRITICAL POC
9.8 Apr 18

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this

CVE-2023-2106 CRITICAL POC
9.8 Apr 15

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. Rated critical severity (CVSS 9.8)

CVE-2023-1753 CRITICAL POC
9.8 Mar 31

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), t

CVE-2022-44236 CRITICAL POC
9.8 Dec 15

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. R

CVE-2022-3754 CRITICAL POC
9.8 Oct 29

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), th

CVE-2022-3268 CRITICAL POC
9.8 Sep 22

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Rated critical severity (CVSS 9.8), this

Share

EUVD-2026-23442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy