CVE-2026-6284 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 20, 2026
PLC - Authentication Bypass
Overview
A PLC contains a broken authentication vulnerability caused by limited password complexity and lack of input limiters, letting attackers with network access brute force passwords to gain unauthorized access.
Severity & Score
Impact
Attackers can gain unauthorized access to systems and services by brute forcing passwords.
Mitigation
Implement stronger password complexity and input limiters or update to the latest secure version.
References
Social Media Activity (1 post)
⚠️ CRITICAL: Horner Automation Cscape and XL4, XL7 PLC Horner Automation Cscape v10.0, XL4 PLC v16.32.0, and XL7 PLC v15.60 contain a critical password brute-force vulnerability (CVE-2026-6284, CVSS 9.1) with no rate limiting. This affects manufacturing environments globally and allows unauthenticated network attackers to compromise PLCs controlling cr… https://threatnoir.com/focus #infosec #cybersecurity
Details
- CVE ID: CVE-2026-6284
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 1.1%
- Social Posts: 1
CWE
- CWE-521
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N