Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3654 vulnerabilities
CVE-2026-32650 (GCVE-0-2026-32650)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:52 – Updated: 2026-04-17 20:26
VLAI?
Title
Anviz CrossChex Standard Algorithm Downgrade
Summary
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable
encryption, causing database credentials to be sent in plaintext and
enabling unauthorized database access.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CrossChex Standard |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:26:08.787769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:26:17.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CrossChex Standard",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CrossChex Standard\u0026nbsp;is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access."
}
],
"value": "Anviz CrossChex Standard\u00a0is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:52:45.308Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz CrossChex Standard Algorithm Downgrade",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32650",
"datePublished": "2026-04-17T19:52:45.308Z",
"dateReserved": "2026-04-14T15:42:14.116Z",
"dateUpdated": "2026-04-17T20:26:17.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40434 (GCVE-0-2026-40434)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:49 – Updated: 2026-04-17 20:28
VLAI?
Title
Anviz CrossChex Standard Improper Verification of Source of a Communication Channel
Summary
Anviz CrossChex Standard
lacks source verification in the client/server channel, enabling TCP
packet injection by an attacker on the same network to alter or disrupt
application traffic.
Severity ?
8.1 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CrossChex Standard |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:27:23.496359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:28:02.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CrossChex Standard",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic."
}
],
"value": "Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:49:28.099Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz CrossChex Standard Improper Verification of Source of a Communication Channel",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-40434",
"datePublished": "2026-04-17T19:49:28.099Z",
"dateReserved": "2026-04-14T15:42:14.096Z",
"dateUpdated": "2026-04-17T20:28:02.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35682 (GCVE-0-2026-35682)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:46 – Updated: 2026-04-17 20:30
VLAI?
Title
Anviz CX2 Lite Command Injection
Summary
Anviz CX2 Lite is vulnerable to an authenticated command injection via a
filename parameter that enables arbitrary command execution (e.g.,
starting telnetd), resulting in root‑level access.
Severity ?
8.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CX2 Lite Firmware |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:30:04.932110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:30:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access."
}
],
"value": "Anviz\u00a0CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root\u2011level access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:46:26.716Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz CX2 Lite Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-35682",
"datePublished": "2026-04-17T19:46:26.716Z",
"dateReserved": "2026-04-14T15:47:54.211Z",
"dateUpdated": "2026-04-17T20:30:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40066 (GCVE-0-2026-40066)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:43 – Updated: 2026-04-17 20:00
VLAI?
Title
Anviz Products Download of Code Without Integrity Check
Summary
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The
device unpacks and executes a script resulting in unauthenticated remote
code execution.
Severity ?
8.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:00:10.096399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:00:36.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite and CX7\u0026nbsp;are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution."
}
],
"value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:43:20.709Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Download of Code Without Integrity Check",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-40066",
"datePublished": "2026-04-17T19:43:20.709Z",
"dateReserved": "2026-04-14T15:47:54.264Z",
"dateUpdated": "2026-04-17T20:00:36.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35546 (GCVE-0-2026-35546)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:39 – Updated: 2026-04-17 20:05
VLAI?
Title
Anviz Products Missing Authentication for Critical Function
Summary
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:05:03.369768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:05:28.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite and CX7\u0026nbsp;are vulnerable to unauthenticated firmware uploads. This causes crafted \narchives to be accepted, enabling attackers to plant and execute code \nand obtain a reverse shell."
}
],
"value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unauthenticated firmware uploads. This causes crafted \narchives to be accepted, enabling attackers to plant and execute code \nand obtain a reverse shell."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:39:25.110Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-35546",
"datePublished": "2026-04-17T19:39:25.110Z",
"dateReserved": "2026-04-14T15:47:54.234Z",
"dateUpdated": "2026-04-17T20:05:28.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40461 (GCVE-0-2026-40461)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:36 – Updated: 2026-04-17 20:03
VLAI?
Title
Anviz Products Missing Authentication for Critical Function
Summary
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:02:41.120773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:03:18.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite and CX7\u0026nbsp;are vulnerable to unauthenticated POST requests that modify debug \nsettings (e.g., enabling SSH), allowing unauthorized state changes that \ncan facilitate later compromise."
}
],
"value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unauthenticated POST requests that modify debug \nsettings (e.g., enabling SSH), allowing unauthorized state changes that \ncan facilitate later compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:36:29.842Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-40461",
"datePublished": "2026-04-17T19:36:29.842Z",
"dateReserved": "2026-04-14T15:52:06.314Z",
"dateUpdated": "2026-04-17T20:03:18.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32648 (GCVE-0-2026-32648)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:34 – Updated: 2026-04-17 20:09
VLAI?
Title
Anviz Products Missing Authorization
Summary
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug
configuration details (e.g., SSH/RTTY status), assisting attackers in
reconnaissance against the device.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:08:33.345711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:09:05.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite and CX7\u0026nbsp;are vulnerable to unauthenticated access that discloses debug \nconfiguration details (e.g., SSH/RTTY status), assisting attackers in \nreconnaissance against the device."
}
],
"value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unauthenticated access that discloses debug \nconfiguration details (e.g., SSH/RTTY status), assisting attackers in \nreconnaissance against the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:34:21.522Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Missing Authorization",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32648",
"datePublished": "2026-04-17T19:34:21.522Z",
"dateReserved": "2026-04-14T15:52:06.301Z",
"dateUpdated": "2026-04-17T20:09:05.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33569 (GCVE-0-2026-33569)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:30 – Updated: 2026-04-17 20:32
VLAI?
Title
Anviz Products Cleartext Transmission of Sensitive Information
Summary
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling
on‑path attackers to sniff credentials and session data, which can be
used to compromise the device.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:32:31.417281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:32:48.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Anviz CX2 Lite Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz\u0026nbsp;CX2 Lite and CX7 administrative sessions occur over HTTP, enabling \non\u2011path attackers to sniff credentials and session data, which can be \nused to compromise the device."
}
],
"value": "Anviz\u00a0CX2 Lite and CX7 administrative sessions occur over HTTP, enabling \non\u2011path attackers to sniff credentials and session data, which can be \nused to compromise the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:30:46.066Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-33569",
"datePublished": "2026-04-17T19:30:46.066Z",
"dateReserved": "2026-04-14T15:42:14.069Z",
"dateUpdated": "2026-04-17T20:32:48.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31927 (GCVE-0-2026-31927)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:24 – Updated: 2026-04-17 20:34
VLAI?
Title
Anviz CX7 Firmware Relative Path Traversal
Summary
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal
to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized
SSH access when combined with debug‑setting changes
Severity ?
4.9 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:34:19.788440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:34:41.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CX7 Firmware\u0026nbsp;is vulnerable to an authenticated CSV upload which allows path traversal \nto overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized \nSSH access when combined with debug\u2011setting changes"
}
],
"value": "Anviz CX7 Firmware\u00a0is vulnerable to an authenticated CSV upload which allows path traversal \nto overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized \nSSH access when combined with debug\u2011setting changes"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:24:53.893Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz CX7 Firmware Relative Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-31927",
"datePublished": "2026-04-17T19:24:53.893Z",
"dateReserved": "2026-04-14T15:42:14.030Z",
"dateUpdated": "2026-04-17T20:34:41.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32324 (GCVE-0-2026-32324)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-17 20:10
VLAI?
Title
Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Summary
Anviz CX7 Firmware is
vulnerable because the application embeds reusable certificate/key
material, enabling decryption of MQTT traffic and potential interaction
with device messaging channels at scale.
Severity ?
7.7 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:10:33.419297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:10:48.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CX7 Firmware\u0026nbsp;is\u0026nbsp;\nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale."
}
],
"value": "Anviz CX7 Firmware\u00a0is\u00a0\nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:12.097Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz CX7 Firmware Use of Hard-coded Cryptographic Key",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32324",
"datePublished": "2026-04-17T19:22:12.097Z",
"dateReserved": "2026-04-14T15:47:54.287Z",
"dateUpdated": "2026-04-17T20:10:48.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35061 (GCVE-0-2026-35061)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:19 – Updated: 2026-04-17 20:07
VLAI?
Title
Anviz Products Missing Authorization
Summary
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be
retrieved without authentication, revealing sensitive operational
imagery.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T20:06:50.544830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T20:07:00.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CX7 Firmware\u0026nbsp;is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery."
}
],
"value": "Anviz CX7 Firmware\u00a0is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:19:25.884Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Missing Authorization",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-35061",
"datePublished": "2026-04-17T19:19:25.884Z",
"dateReserved": "2026-04-14T15:52:06.295Z",
"dateUpdated": "2026-04-17T20:07:00.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33093 (GCVE-0-2026-33093)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:17 – Updated: 2026-04-17 19:54
VLAI?
Title
Anviz Products Missing Authorization
Summary
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures
a photo with the front facing camera, exposing visual information about
the deployment environment.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Anviz | Anviz CX7 Firmware |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:54:19.682411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:54:36.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anviz CX7 Firmware",
"vendor": "Anviz",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz CX7 Firmware\u0026nbsp;is vulnerable to an unauthenticated POST to the device that captures\n a photo with the front facing camera, exposing visual information about\n the deployment environment."
}
],
"value": "Anviz CX7 Firmware\u00a0is vulnerable to an unauthenticated POST to the device that captures\n a photo with the front facing camera, exposing visual information about\n the deployment environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:17:15.274Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.anviz.com/contact-us.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
}
],
"source": {
"advisory": "ICSA-26-106-03",
"discovery": "EXTERNAL"
},
"title": "Anviz Products Missing Authorization",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-33093",
"datePublished": "2026-04-17T19:17:15.274Z",
"dateReserved": "2026-04-14T15:52:06.272Z",
"dateUpdated": "2026-04-17T19:54:36.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6284 (GCVE-0-2026-6284)
Vulnerability from cvelistv5 – Published: 2026-04-17 15:14 – Updated: 2026-04-17 15:14
VLAI?
Title
Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
Summary
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Horner Automation | Cscape |
Affected:
10.0
|
||||||||||||
|
||||||||||||||
Date Public ?
2026-04-16 17:00
Credits
An anonymous researcher reported this vulnerability to CISA
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cscape",
"vendor": "Horner Automation",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XL7 PLC",
"vendor": "Horner Automation",
"versions": [
{
"status": "affected",
"version": "15.60"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XL4 PLC",
"vendor": "Horner Automation",
"versions": [
{
"status": "affected",
"version": "16.32.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher reported this vulnerability to CISA"
}
],
"datePublic": "2026-04-16T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible."
}
],
"value": "An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T15:14:06.346Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://hornerautomation.com/cscape-software-free/cscape-software/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware.\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://hornerautomation.com/cscape-software-free/cscape-software/\" title=\"(opens in a new window)\"\u003ehttps://hornerautomation.com/cscape-software-free/cscape-software/\u003c/a\u003e"
}
],
"value": "Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware.\u00a0\n https://hornerautomation.com/cscape-software-free/cscape-software/"
}
],
"source": {
"advisory": "ICSA-26-106-02",
"discovery": "EXTERNAL"
},
"title": "Horner Automation Cscape and XL4, XL7 PLC Weak password requirements",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-6284",
"datePublished": "2026-04-17T15:14:06.346Z",
"dateReserved": "2026-04-14T15:07:32.676Z",
"dateUpdated": "2026-04-17T15:14:06.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5387 (GCVE-0-2026-5387)
Vulnerability from cvelistv5 – Published: 2026-04-15 15:24 – Updated: 2026-04-15 17:38
VLAI?
Title
AVEVA Pipeline Simulation Missing Authorization
Summary
The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVEVA | Pipeline Simulation 2025 |
Affected:
0 , ≤ 2025 SP1 (build 7.1.9497.6351)
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T17:38:40.210058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:38:50.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pipeline Simulation 2025",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2025 SP1 (build 7.1.9497.6351)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations\u0026nbsp;intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records."
}
],
"value": "The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations\u00a0intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:24:15.623Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf"
},
{
"url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher:\u003cbr\u003ehttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f"
}
],
"value": "All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher:\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f"
}
],
"source": {
"advisory": "ICSA-26-106-04, AVEVA-2026-004",
"discovery": "INTERNAL"
},
"title": "AVEVA Pipeline Simulation Missing Authorization",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their\u0026nbsp;operational environment, architecture, and product implementation. Customers using affected product versions should apply security updates to mitigate the risk of exploit."
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their\u00a0operational environment, architecture, and product implementation. Customers using affected product versions should apply security updates to mitigate the risk of exploit."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following general defensive measures are recommended:\u003cbr\u003e\u2022 Restrict Network Access: Implement host-based and/or network firewall controls on all nodes hosting the Pipeline Simulation Server API to ensure that only trusted Pipeline Simulation client systems are permitted to establish connections.\u003cbr\u003e\u2022 Enforce Secure Communication: Enable TLS for all API communications and ensure that server certificates are properly managed and protected to reduce the risk of manipulator-in-the-middle (MitM) attacks and tampering with data in transit."
}
],
"value": "The following general defensive measures are recommended:\n\u2022 Restrict Network Access: Implement host-based and/or network firewall controls on all nodes hosting the Pipeline Simulation Server API to ensure that only trusted Pipeline Simulation client systems are permitted to establish connections.\n\u2022 Enforce Secure Communication: Enable TLS for all API communications and ensure that server certificates are properly managed and protected to reduce the risk of manipulator-in-the-middle (MitM) attacks and tampering with data in transit."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-5387",
"datePublished": "2026-04-15T15:24:15.623Z",
"dateReserved": "2026-04-01T21:04:13.517Z",
"dateUpdated": "2026-04-15T17:38:50.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4436 (GCVE-0-2026-4436)
Vulnerability from cvelistv5 – Published: 2026-04-09 20:04 – Updated: 2026-04-14 14:04
VLAI?
Title
GPL Odorizers GPL750 Missing Authentication for Critical Function
Summary
A low-privileged remote attacker can send Modbus packets to manipulate
register values that are inputs to the odorant injection logic such that
too much or too little odorant is injected into a gas line.
Severity ?
8.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GPL Odorizers | GPL750 (XL4) |
Affected:
v1.0 , < v6.0
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
An anonymous researcher reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T14:03:00.899159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T14:04:53.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL750 (XL4 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v6.0",
"status": "affected",
"version": "v4.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v13.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GPL Odorizers GPL750 (XL7 Prime)",
"vendor": "GPL Odorizers",
"versions": [
{
"lessThan": "v20.0",
"status": "affected",
"version": "v18.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"value": "A low-privileged remote attacker can send Modbus packets to manipulate \nregister values that are inputs to the odorant injection logic such that\n too much or too little odorant is injected into a gas line."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T20:04:26.208Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\u003cbr\u003e\u003ca href=\"https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\" title=\"(opens in a new window)\"\u003ehttps://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm\u003c/a\u003e"
}
],
"value": "GPL Odorizers recommends users update to the latest software version of \nthe GPL750 in connection with the latest firmware from Horner Automation\n for the XL4, XL4 Prime, XL7, and XL7 Prime \ndevices.https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm.\n https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/IgDYaHIhXpyLQJvnKPd6b80TAUgV7Lp8qmVYBFUb0lmr7ak?e=JLeADm"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
}
],
"value": "GPL Odorizers recommends users clear the old files from their microSD \ncards, keeping only the LOGS folder and the FIRMWARE.LIC file if they \nhave a WebMI license. The compressed folder downloaded from the link \nabove can then be extracted to the root directory of the microSD card. \nThese files already include the corresponding firmware update. If users \ndo not have IT permissions to access their microSD cards, GPL Odorizers \ncan provide preconfigured SD cards that technicians can simply swap into\n their odorizers prior to installation."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
}
],
"value": "For assistance in updating GPL Odorizers to the latest version, users \nshould reach out to GPL Odorizers directly via phone number (303) \n697-6701 during the hours of 8:00 a.m. to 4:00 p.m. MST."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\u003cbr\u003e\u003ca href=\"https://hornerautomation.com/controller-firmware/\" title=\"(opens in a new window)\"\u003ehttps://hornerautomation.com/controller-firmware/\u003c/a\u003e"
}
],
"value": "Horner Automation offers firmware version 15.76 for their XL Series and \nversion 17.30 for their XL Prime Series controllers. An installation guide\n is available for both the XL series and the XL Prime series.\n https://hornerautomation.com/controller-firmware/"
}
],
"source": {
"advisory": "ICSA-26-099-02",
"discovery": "EXTERNAL"
},
"title": "GPL Odorizers GPL750 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-4436",
"datePublished": "2026-04-09T20:04:26.208Z",
"dateReserved": "2026-03-19T19:21:21.967Z",
"dateUpdated": "2026-04-14T14:04:53.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13926 (GCVE-0-2025-13926)
Vulnerability from cvelistv5 – Published: 2026-04-09 19:47 – Updated: 2026-04-10 14:11 Unsupported When Assigned
VLAI?
Title
Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision
Summary
An attacker could use data obtained by sniffing the network traffic to
forge packets in order to make arbitrary requests to Contemporary
Controls BASC 20T.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Contemporary Controls | BASControl20 |
Affected:
3.1
|
Credits
Joseph Fields of Naval Information Warfare Center Pacific reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:11:03.255285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:11:21.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BASControl20",
"vendor": "Contemporary Controls",
"versions": [
{
"status": "affected",
"version": "3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joseph Fields of Naval Information Warfare Center Pacific reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker could use data obtained by sniffing the network traffic to \nforge packets in order to make arbitrary requests to Contemporary \nControls BASC 20T."
}
],
"value": "An attacker could use data obtained by sniffing the network traffic to \nforge packets in order to make arbitrary requests to Contemporary \nControls BASC 20T."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:47:17.841Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.ccontrols.com/support/contacttech.htm"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-01.json"
}
],
"source": {
"advisory": "ICSA-26-099-01",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product \u003ca href=\"https://www.ccontrols.com/support/contacttech.htm\"\u003econtact Contemporary Controls\u003c/a\u003e for additional information."
}
],
"value": "According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product contact Contemporary Controls https://www.ccontrols.com/support/contacttech.htm for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13926",
"datePublished": "2026-04-09T19:47:17.841Z",
"dateReserved": "2025-12-02T21:00:14.794Z",
"dateUpdated": "2026-04-10T14:11:21.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35063 (GCVE-0-2026-35063)
Vulnerability from cvelistv5 – Published: 2026-04-09 19:00 – Updated: 2026-04-10 18:04
VLAI?
Title
Missing Authorization in OpenPLC_V3
Summary
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPLC_V3 | OpenPLC_V3 |
Affected:
All versions
|
Credits
Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol from DREAM
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T18:04:21.608613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:04:45.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenPLC_V3",
"vendor": "OpenPLC_V3",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol from DREAM"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller\u0027s role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller\u0027s role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:00:09.980Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization in OpenPLC_V3",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 (\u003ca href=\"https://github.com/autonomy-logic/openplc-runtime\" target=\"_blank\"\u003ehttps://github.com/autonomy-logic/openplc-runtime\u003c/a\u003e).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime )."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-35063",
"datePublished": "2026-04-09T19:00:09.980Z",
"dateReserved": "2026-04-06T15:01:14.379Z",
"dateUpdated": "2026-04-10T18:04:45.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35556 (GCVE-0-2026-35556)
Vulnerability from cvelistv5 – Published: 2026-04-09 18:57 – Updated: 2026-04-10 18:03
VLAI?
Title
Plaintext storage of a password in OpenPLC_V3
Summary
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.
Severity ?
CWE
- CWE-256 - Plaintext storage of a password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPLC_V3 | OpenPLC_V3 |
Affected:
All versions
|
Credits
Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T18:03:40.430726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:03:50.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenPLC_V3",
"vendor": "OpenPLC_V3",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.\u003c/p\u003e"
}
],
"value": "OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext storage of a password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T18:57:26.857Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Plaintext storage of a password in OpenPLC_V3",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 (\u003ca href=\"https://github.com/autonomy-logic/openplc-runtime\" target=\"_blank\"\u003ehttps://github.com/autonomy-logic/openplc-runtime\u003c/a\u003e).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime )."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-35556",
"datePublished": "2026-04-09T18:57:26.857Z",
"dateReserved": "2026-04-06T15:01:14.388Z",
"dateUpdated": "2026-04-10T18:03:50.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28205 (GCVE-0-2026-28205)
Vulnerability from cvelistv5 – Published: 2026-04-09 18:54 – Updated: 2026-04-10 18:02
VLAI?
Title
Initialization of a resource with an insecure default in OpenPLC_V3
Summary
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
Severity ?
CWE
- CWE-1188 - Initialization of a resource with an insecure default
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPLC_V3 | OpenPLC_V3 |
Affected:
All versions
|
Credits
Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T18:02:12.757240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:02:22.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenPLC_V3",
"vendor": "OpenPLC_V3",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a resource with an insecure default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T18:54:58.694Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Initialization of a resource with an insecure default in OpenPLC_V3",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 (\u003ca href=\"https://github.com/autonomy-logic/openplc-runtime\" target=\"_blank\"\u003ehttps://github.com/autonomy-logic/openplc-runtime\u003c/a\u003e).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime )."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-28205",
"datePublished": "2026-04-09T18:54:58.694Z",
"dateReserved": "2026-04-06T15:01:14.335Z",
"dateUpdated": "2026-04-10T18:02:22.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10681 (GCVE-0-2025-10681)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:26 – Updated: 2026-04-06 14:39
VLAI?
Title
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Summary
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gardyn | Mobile Application |
Affected:
0 , < 2.11.0
(custom)
|
||
Date Public ?
2026-04-02 16:39
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:37:51.581939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:39:20.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mobile Application",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T16:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers."
}
],
"value": "Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:26:12.913Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-10681",
"datePublished": "2026-04-03T20:26:12.913Z",
"dateReserved": "2025-09-18T11:58:39.111Z",
"dateUpdated": "2026-04-06T14:39:20.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25197 (GCVE-0-2026-25197)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:23 – Updated: 2026-04-07 14:20
VLAI?
Title
Gardyn Cloud API Authorization Bypass Through User-Controlled Key
Summary
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Date Public ?
2026-04-02 17:13
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:20:24.247361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:20:31.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call."
}
],
"value": "A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:23:20.083Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Authorization Bypass Through User-Controlled Key",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-25197",
"datePublished": "2026-04-03T20:23:20.083Z",
"dateReserved": "2026-03-17T20:12:55.156Z",
"dateUpdated": "2026-04-07T14:20:31.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28766 (GCVE-0-2026-28766)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:20 – Updated: 2026-04-07 14:22
VLAI?
Title
Gardyn Cloud API Missing Authentication for Critical Function
Summary
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
Severity ?
9.3 (Critical)
CWE
Assigner
References
Date Public ?
2026-04-02 17:06
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:22:42.551564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:22:53.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication."
}
],
"value": "A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:20:57.302Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-28766",
"datePublished": "2026-04-03T20:20:57.302Z",
"dateReserved": "2026-03-17T20:12:55.120Z",
"dateUpdated": "2026-04-07T14:22:53.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28767 (GCVE-0-2026-28767)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:18 – Updated: 2026-04-07 14:23
VLAI?
Title
Gardyn Cloud API Missing Authentication for Critical Function
Summary
A specific administrative endpoint notifications is accessible without proper authentication.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Date Public ?
2026-04-02 17:21
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:23:10.571294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:23:23.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A specific administrative endpoint notifications is accessible without proper authentication."
}
],
"value": "A specific administrative endpoint notifications is accessible without proper authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:18:05.470Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-28767",
"datePublished": "2026-04-03T20:18:05.470Z",
"dateReserved": "2026-03-17T20:12:55.183Z",
"dateUpdated": "2026-04-07T14:23:23.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32646 (GCVE-0-2026-32646)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:15 – Updated: 2026-04-07 14:24
VLAI?
Title
Gardyn Cloud API Missing Authentication for Critical Function
Summary
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Severity ?
CWE
Assigner
References
Date Public ?
2026-04-02 17:18
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:24:05.490804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:24:15.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A specific administrative endpoint is accessible without proper authentication, exposing device management functions."
}
],
"value": "A specific administrative endpoint is accessible without proper authentication, exposing device management functions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:15:45.736Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32646",
"datePublished": "2026-04-03T20:15:45.736Z",
"dateReserved": "2026-03-17T20:12:55.166Z",
"dateUpdated": "2026-04-07T14:24:15.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32662 (GCVE-0-2026-32662)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:11 – Updated: 2026-04-06 14:51
VLAI?
Title
Gardyn Cloud API Active Debug Code
Summary
Development and test API endpoints are present that mirror production functionality.
Severity ?
5.3 (Medium)
CWE
Assigner
References
Date Public ?
2026-04-02 17:24
Credits
Michael Groberman reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:50:24.844565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:59.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Development and test API endpoints are present that mirror production functionality."
}
],
"value": "Development and test API endpoints are present that mirror production functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:11:56.176Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Active Debug Code",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32662",
"datePublished": "2026-04-03T20:11:56.176Z",
"dateReserved": "2026-03-17T20:12:55.193Z",
"dateUpdated": "2026-04-06T14:51:59.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1579 (GCVE-0-2026-1579)
Vulnerability from cvelistv5 – Published: 2026-03-31 20:20 – Updated: 2026-03-31 20:36
VLAI?
Title
PX4 Autopilot Missing authentication for critical function
Summary
The MAVLink communication protocol does not require cryptographic
authentication by default. When MAVLink 2.0 message signing is not
enabled, any message -- including SERIAL_CONTROL, which provides
interactive shell access -- can be sent by an unauthenticated party with
access to the MAVLink interface. PX4 provides MAVLink 2.0 message
signing as the cryptographic authentication mechanism for all MAVLink
communication. When signing is enabled, unsigned messages are rejected
at the protocol level.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Credits
Dolev Aviv of Cyviation reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T20:35:56.040324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T20:36:09.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Autopilot",
"vendor": "PX4",
"versions": [
{
"status": "affected",
"version": "v1.16.0 SITL"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dolev Aviv of Cyviation reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MAVLink communication protocol does not require cryptographic \nauthentication by default. When MAVLink 2.0 message signing is not \nenabled, any message -- including SERIAL_CONTROL, which provides \ninteractive shell access -- can be sent by an unauthenticated party with\n access to the MAVLink interface. PX4 provides MAVLink 2.0 message \nsigning as the cryptographic authentication mechanism for all MAVLink \ncommunication. When signing is enabled, unsigned messages are rejected \nat the protocol level."
}
],
"value": "The MAVLink communication protocol does not require cryptographic \nauthentication by default. When MAVLink 2.0 message signing is not \nenabled, any message -- including SERIAL_CONTROL, which provides \ninteractive shell access -- can be sent by an unauthenticated party with\n access to the MAVLink interface. PX4 provides MAVLink 2.0 message \nsigning as the cryptographic authentication mechanism for all MAVLink \ncommunication. When signing is enabled, unsigned messages are rejected \nat the protocol level."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T20:20:06.506Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://docs.px4.io/main/en/mavlink/security_hardening"
},
{
"url": "https://docs.px4.io/main/en/mavlink/message_signing"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-090-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePX4 recommends enabling MAVLink 2.0 message signing as the \nauthentication mechanism for all non\u2011USB communication links. PX4 has \npublished a security hardening guide for integrators and manufacturers \nat\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://docs.px4.io/main/en/mavlink/security_hardening\" title=\"(opens in a new window)\"\u003ehttps://docs.px4.io/main/en/mavlink/security_hardening\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eMessage signing configuration documentation can be found at\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://docs.px4.io/main/en/mavlink/message_signing\" title=\"(opens in a new window)\"\u003ehttps://docs.px4.io/main/en/mavlink/message_signing\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "PX4 recommends enabling MAVLink 2.0 message signing as the \nauthentication mechanism for all non\u2011USB communication links. PX4 has \npublished a security hardening guide for integrators and manufacturers \nat\u00a0\n https://docs.px4.io/main/en/mavlink/security_hardening \n\n\nMessage signing configuration documentation can be found at\u00a0\n https://docs.px4.io/main/en/mavlink/message_signing"
}
],
"source": {
"advisory": "ICSA-26-090-02",
"discovery": "EXTERNAL"
},
"title": "PX4 Autopilot Missing authentication for critical function",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1579",
"datePublished": "2026-03-31T20:20:06.506Z",
"dateReserved": "2026-01-28T22:27:22.970Z",
"dateUpdated": "2026-03-31T20:36:09.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3356 (GCVE-0-2026-3356)
Vulnerability from cvelistv5 – Published: 2026-03-31 18:40 – Updated: 2026-04-01 13:43
VLAI?
Title
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Severity ?
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A |
Affected:
All versions
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:38.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:44.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27100A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27101A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27102A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27103A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:40:17.359Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\u003cbr\u003e\n\u003cbr\u003eUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\n\n\nUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3356",
"datePublished": "2026-03-31T18:40:17.359Z",
"dateReserved": "2026-02-27T18:08:31.007Z",
"dateUpdated": "2026-04-01T13:43:44.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3650 (GCVE-0-2026-3650)
Vulnerability from cvelistv5 – Published: 2026-03-26 21:10 – Updated: 2026-03-27 19:39
VLAI?
Title
Grassroots DICOM Missing release of memory after effective lifetime
Summary
A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grassroots | Grassroots DICOM (GDCM) |
Affected:
3.2.2
(custom)
|
Credits
Volodymyr Bihunenko, Mykyta Mudryi, and Markiian Chaklosh of ARIMLABS reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T19:28:28.040891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:39:21.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Grassroots DICOM (GDCM)",
"vendor": "Grassroots",
"versions": [
{
"status": "affected",
"version": "3.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Volodymyr Bihunenko, Mykyta Mudryi, and Markiian Chaklosh of ARIMLABS reported this vulnerability to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it."
}
],
"value": "A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T21:10:30.864Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://sourceforge.net/projects/gdcm/"
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-083-01.json"
}
],
"source": {
"advisory": "ICSMA-26-083-01",
"discovery": "EXTERNAL"
},
"title": "Grassroots DICOM Missing release of memory after effective lifetime",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe maintainer of Grassroots DICOM (GDCM) has not responded to \nrequests to work with CISA to mitigate this vulnerability. For update \ninformation refer to the software page on SourceForge.\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://sourceforge.net/projects/gdcm/\" title=\"(opens in a new window)\"\u003ehttps://sourceforge.net/projects/gdcm/\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The maintainer of Grassroots DICOM (GDCM) has not responded to \nrequests to work with CISA to mitigate this vulnerability. For update \ninformation refer to the software page on SourceForge.\n\n https://sourceforge.net/projects/gdcm/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3650",
"datePublished": "2026-03-26T21:10:30.864Z",
"dateReserved": "2026-03-06T16:24:00.662Z",
"dateUpdated": "2026-03-27T19:39:21.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2417 (GCVE-0-2026-2417)
Vulnerability from cvelistv5 – Published: 2026-03-24 18:06 – Updated: 2026-03-24 18:38
VLAI?
Title
Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
Summary
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
Severity ?
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pharos Controls | Mosaic Show Controller |
Affected:
2.15.3
|
Credits
James Tully reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T18:37:58.359353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:38:05.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mosaic Show Controller",
"vendor": "Pharos Controls",
"versions": [
{
"status": "affected",
"version": "2.15.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Tully reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.\u003c/p\u003e"
}
],
"value": "A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:06:32.303Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later."
}
],
"value": "Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-2417",
"datePublished": "2026-03-24T18:06:32.303Z",
"dateReserved": "2026-02-12T17:31:30.834Z",
"dateUpdated": "2026-03-24T18:38:05.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24060 (GCVE-0-2026-24060)
Vulnerability from cvelistv5 – Published: 2026-03-20 23:19 – Updated: 2026-03-23 15:55 Unsupported When Assigned
VLAI?
Title
Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Summary
Service information is not encrypted when transmitted as BACnet packets
over the wire, and can be sniffed, intercepted, and modified by an
attacker. Valuable information such as the File Start Position and File
Data can be sniffed from network traffic using Wireshark's BACnet
dissector filter. The proprietary format used by WebCTRL to receive
updates from the PLC can also be sniffed and reverse engineered.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automated Logic | WebCTRL Premium Server |
Affected:
0 , < v8.5
(custom)
|
Credits
Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T14:49:21.420075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:55:53.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebCTRL Premium Server",
"vendor": "Automated Logic",
"versions": [
{
"lessThan": "v8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark\u0027s BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."
}
],
"value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark\u0027s BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T23:19:05.223Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.automatedlogic.com/en/company/security-commitment/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."
}
],
"value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\"\u003ehttps://www.automatedlogic.com/en/company/security-commitment/\u003c/a\u003e"
}
],
"value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/"
}
],
"source": {
"advisory": "ICSA-26-078-08",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-24060",
"datePublished": "2026-03-20T23:19:05.223Z",
"dateReserved": "2026-03-12T19:57:03.348Z",
"dateUpdated": "2026-03-23T15:55:53.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}