← Zuruck zu CVEs
CVE-2026-6284
CRITICAL9.1
Beschreibung
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
CVE Details
CVSS v3.1 Bewertung9.1
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/17/2026
Zuletzt geandert4/17/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-521
Referenzen
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json(ics-cert@hq.dhs.gov)
https://hornerautomation.com/cscape-software-free/cscape-software/(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02(ics-cert@hq.dhs.gov)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.