CVE-2026-6284

Description

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

Horner Automation / Cscape10.0 – 10.0
Horner Automation / XL4 PLC16.32.0 – 16.32.0
Horner Automation / XL7 PLC15.60 – 15.60

References

MISChttps://hornerautomation.com/cscape-software-free/cscape-software/
VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02
MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json