CVE-2026-8072

CRITICAL

Insecure generation of SAT access credentials in Ingecon EMS Board

Title source: cna

Description

Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.

References (2)

Core 2

Core References

Patch patch

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/insecure-generation-sat-access-credentials-ingecon-ems-board

https://www.reversemode.com/2026/05/a-practical-analysis-of-cyber-physical.html

Scores

CVSS v4 9.2

EPSS 0.0015

EPSS Percentile 4.6%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-327

Status published

Products (20)

Ingeteam/Ingecon Sun EMS Board < AAX1031CN

Ingeteam/Ingecon Sun EMS Board < AAX1055CT

Ingeteam/Ingecon Sun EMS Board < ABH1007_Z

Ingeteam/Ingecon Sun EMS Board < ABH1027_K

Ingeteam/Ingecon Sun EMS Board < ABS1005_T

Ingeteam/Ingecon Sun EMS Board < ABS1009_L

Ingeteam/Ingecon Sun EMS Board < ABU1001_P

Ingeteam/Ingecon Sun EMS Board < ACB1005_A

Ingeteam/Ingecon Sun EMS Board < ACL1200AL

Ingeteam/Ingecon Sun EMS Board < ACL1201_B

... and 10 more

Published May 12, 2026

Tracked Since May 12, 2026