
Vulnerability · CISA · 42d ago

Carlson Software VASCO-B GNSS Receiver

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json

Summary

Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation.

The following versions of Carlson Software VASCO-B GNSS Receiver are affected:

- VASCO-B GNSS Receiver <1.4.0 (CVE-2026-3893)

| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.4 | Carlson Software | Carlson Software VASCO-B GNSS Receiver | Missing Authentication for Critical Function |

Background

- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States

Vulnerabilities

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-3893

Affected Products

Carlson Software VASCO-B GNSS Receiver

- Vendor: Carlson Software
- Product Version: Carlson Software VASCO-B GNSS Receiver: <1.4.0
- Product Status: known_affected

Remediations

Mitigation: Carlson Software recommends users update to Version 1.4.0 or greater. For more information contact Carlson Software: https://www.carlsonsw.com/support-and-training/

Relevant CWE: CWE-306 Missing Authentication for Critical Function (https://cwe.mitre.org/data/definitions/306.html)

Metrics

| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 9.4 | CRITICAL |


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-02
