CVE-2026-6284

CRITICAL

Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

Title source: cna

Description

An attacker with network access to the PLC can brute-force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute-force password enumeration possible.

Scores

CVSS v3 9.1
EPSS 0.0001
EPSS Percentile 2.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-521
Status published
Products (3)
Horner Automation/Cscape 10.0
Horner Automation/XL4 PLC 16.32.0
Horner Automation/XL7 PLC 15.60
Published Apr 17, 2026
Tracked Since Apr 17, 2026