Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
AnalysisAI
Remote unauthenticated access to sensitive data in VEGA VEGAPULS 6X Two-Wire industrial sensors exposes hashed credentials and access codes via unsecured configuration interface. Network-accessible interface (AV:N/AC:L/PR:N/UI:N) allows attackers to extract authentication materials without any prerequisites, enabling credential cracking and potential lateral movement in industrial networks. EPSS and KEV data not available; CERTVDE advisory confirms vulnerability in Ethernet-APL enabled industrial level measurement devices running PROFINET, Modbus TCP, and OPC UA protocols. No public exploit identified at time of analysis, though exploitation trivial due to lack of authentication requirement.
Technical ContextAI
VEGAPULS 6X is an industrial level measurement sensor supporting two-wire PROFINET, Modbus TCP, and OPC UA protocols over Ethernet-APL (Advanced Physical Layer) infrastructure. The affected CPE string identifies the Ethernet-APL variant, which is designed for process automation environments requiring intrinsically safe communication over extended distances. CWE-306 (Missing Authentication for Critical Function) indicates the configuration interface completely lacks authentication controls rather than having weak authentication. This is a common vulnerability class in industrial control systems where devices are deployed assuming network segmentation provides security, but modern IT/OT convergence and remote access requirements increasingly expose these interfaces. The configuration interface likely operates over HTTP/HTTPS or a proprietary TCP protocol on standard Ethernet-APL networking, making it accessible to any network-connected attacker who can route to the device.
RemediationAI
Consult the VEGA CERTVDE advisory VDE-2026-016 at https://certvde.com/en/advisories/VDE-2026-016 and CSAF document at https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json for vendor-released patch information and exact firmware versions containing the fix. Patched version number not independently confirmed from available data. If firmware updates are not immediately deployable in operational environments, implement compensating network controls: isolate VEGAPULS 6X devices on dedicated OT network segments with no direct routing from corporate IT networks; apply firewall rules blocking access to configuration interface ports except from authorized engineering workstations using IP whitelisting (note: breaks remote access workflows); deploy IDS/IPS signatures to detect unauthorized configuration interface access attempts (generates alerts but does not prevent initial credential exposure); implement VPN with multi-factor authentication for any required remote access to OT segments containing these devices (adds complexity to legitimate maintenance). These workarounds reduce attack surface but do not eliminate the vulnerability and may impact operational procedures requiring remote configuration access. Review and rotate any credentials potentially exposed prior to applying patches.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26030