Horner Automation Cscape and XL4, XL7 PLC

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json

Summary

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.

The following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:

- Cscape v10.0
- XL7 PLC v15.60
- XL4 PLC v16.32.0

CVSS: v3 9.1
Vendor: Horner Automation
Equipment: Horner Automation Cscape and XL4, XL7 PLC
Vulnerabilities: Weak Password Requirements

Background

- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States

Vulnerabilities

CVE-2026-6284

An attacker with network access to the PLC can brute-force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute-force password enumeration possible.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-6284

Affected Products

Horner Automation Cscape and XL4, XL7 PLC

Vendor: Horner Automation
Product Version: Horner Automation Cscape: v10.0, Horner Automation XL7 PLC: v15.60, Horner Automation XL4 PLC: v16.32.0
Product Status: known_affected

Remediations

Vendor fix: Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs and recommends users update to the latest version of the firmware. https://hornerautomation.com/cscape-software-free/cscape-software/

Mitigation: For more information, see Horner Automation's release notes.

Relevant CWE: CWE-521 Weak Password Requirements (https://cwe.mitre.org/data/definitions/521.html)

Metrics

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02
