Description
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable.
References (2)
Core 2
Core References
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
Scores
CVSS v3
6.1
EPSS
0.0001
EPSS Percentile
0.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-261
Status
published
Published
Jan 22, 2026
Tracked Since
Feb 18, 2026