Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Ingecon Sun EMS Board by Ingeteam

    CVE-2026-8072 (GCVE-0-2026-8072)

    Vulnerability from nvd – Published: 2026-05-12 09:57 – Updated: 2026-05-12 12:19
    VLAI
    Title
    Insecure generation of SAT access credentials in Ingecon EMS Board
    Summary
    Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Ingeteam Ingecon Sun EMS Board Affected: 0 , ≤ AAX1055CT (custom)
    Affected: 0 , ≤ ABU1001_P (custom)
    Affected: 0 , ≤ ACL1201_B (custom)
    Affected: 0 , ≤ ACL1200AL (custom)
    Affected: 0 , ≤ ABH1027_K (custom)
    Affected: 0 , ≤ ABH1007_Z (custom)
    Affected: 0 , ≤ ABS1009_L (custom)
    Affected: 0 , ≤ ABS1005_T (custom)
    Affected: 0 , ≤ ACB1005_A (custom)
    Affected: 0 , ≤ AAX1031CN (custom)
    Unaffected: AAX1055CU
    Unaffected: ABU1001_Q
    Unaffected: ACL1201_C
    Unaffected: ACL1200AM
    Unaffected: ABH1027_L
    Unaffected: ABH1007AA
    Unaffected: ABS1009_P
    Unaffected: ABS1005_U
    Unaffected: ACB1005_C
    Unaffected: AAX1031CO
    Create a notification for this product.
    Date Public
    2026-05-12 09:47
    Credits
    Rubén Santamarta
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:14:40.942716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:19:29.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ingecon Sun EMS Board",
              "vendor": "Ingeteam",
              "versions": [
                {
                  "lessThanOrEqual": "AAX1055CT",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABU1001_P",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACL1201_B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACL1200AL",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABH1027_K",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABH1007_Z",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABS1009_L",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABS1005_T",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACB1005_A",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "AAX1031CN",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "AAX1055CU"
                },
                {
                  "status": "unaffected",
                  "version": "ABU1001_Q"
                },
                {
                  "status": "unaffected",
                  "version": "ACL1201_C"
                },
                {
                  "status": "unaffected",
                  "version": "ACL1200AM"
                },
                {
                  "status": "unaffected",
                  "version": "ABH1027_L"
                },
                {
                  "status": "unaffected",
                  "version": "ABH1007AA"
                },
                {
                  "status": "unaffected",
                  "version": "ABS1009_P"
                },
                {
                  "status": "unaffected",
                  "version": "ABS1005_U"
                },
                {
                  "status": "unaffected",
                  "version": "ACB1005_C"
                },
                {
                  "status": "unaffected",
                  "version": "AAX1031CO"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "aax1055ct",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abu1001_p",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acl1201_b",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acl1200al",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abh1027_k",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abh1007_z",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abs1009_l",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abs1005_t",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acb1005_a",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "aax1031cn",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:aax1055cu:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abu1001_q:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acl1201_c:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acl1200am:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abh1027_l:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abh1007aa:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abs1009_p:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abs1005_u:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acb1005_c:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:aax1031co:*:*:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rub\u00e9n Santamarta"
            }
          ],
          "datePublic": "2026-05-12T09:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation."
                }
              ],
              "value": "Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T09:57:02.625Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/insecure-generation-sat-access-credentials-ingecon-ems-board"
            },
            {
              "url": "https://www.reversemode.com/2026/05/a-practical-analysis-of-cyber-physical.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The risk has been mitigated with the release of a patch applicable to all versions, developed in December 2025. It is recommended that users update to the newer versions."
                }
              ],
              "value": "The risk has been mitigated with the release of a patch applicable to all versions, developed in December 2025. It is recommended that users update to the newer versions."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insecure generation of SAT access credentials in Ingecon EMS Board",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2026-8072",
        "datePublished": "2026-05-12T09:57:02.625Z",
        "dateReserved": "2026-05-07T09:46:15.152Z",
        "dateUpdated": "2026-05-12T12:19:29.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8072 (GCVE-0-2026-8072)

    Vulnerability from cvelistv5 – Published: 2026-05-12 09:57 – Updated: 2026-05-12 12:19
    VLAI
    Title
    Insecure generation of SAT access credentials in Ingecon EMS Board
    Summary
    Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Ingeteam Ingecon Sun EMS Board Affected: 0 , ≤ AAX1055CT (custom)
    Affected: 0 , ≤ ABU1001_P (custom)
    Affected: 0 , ≤ ACL1201_B (custom)
    Affected: 0 , ≤ ACL1200AL (custom)
    Affected: 0 , ≤ ABH1027_K (custom)
    Affected: 0 , ≤ ABH1007_Z (custom)
    Affected: 0 , ≤ ABS1009_L (custom)
    Affected: 0 , ≤ ABS1005_T (custom)
    Affected: 0 , ≤ ACB1005_A (custom)
    Affected: 0 , ≤ AAX1031CN (custom)
    Unaffected: AAX1055CU
    Unaffected: ABU1001_Q
    Unaffected: ACL1201_C
    Unaffected: ACL1200AM
    Unaffected: ABH1027_L
    Unaffected: ABH1007AA
    Unaffected: ABS1009_P
    Unaffected: ABS1005_U
    Unaffected: ACB1005_C
    Unaffected: AAX1031CO
    Create a notification for this product.
    Date Public
    2026-05-12 09:47
    Credits
    Rubén Santamarta
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T12:14:40.942716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:19:29.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ingecon Sun EMS Board",
              "vendor": "Ingeteam",
              "versions": [
                {
                  "lessThanOrEqual": "AAX1055CT",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABU1001_P",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACL1201_B",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACL1200AL",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABH1027_K",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABH1007_Z",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABS1009_L",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ABS1005_T",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "ACB1005_A",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "AAX1031CN",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "AAX1055CU"
                },
                {
                  "status": "unaffected",
                  "version": "ABU1001_Q"
                },
                {
                  "status": "unaffected",
                  "version": "ACL1201_C"
                },
                {
                  "status": "unaffected",
                  "version": "ACL1200AM"
                },
                {
                  "status": "unaffected",
                  "version": "ABH1027_L"
                },
                {
                  "status": "unaffected",
                  "version": "ABH1007AA"
                },
                {
                  "status": "unaffected",
                  "version": "ABS1009_P"
                },
                {
                  "status": "unaffected",
                  "version": "ABS1005_U"
                },
                {
                  "status": "unaffected",
                  "version": "ACB1005_C"
                },
                {
                  "status": "unaffected",
                  "version": "AAX1031CO"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "aax1055ct",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abu1001_p",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acl1201_b",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acl1200al",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abh1027_k",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abh1007_z",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abs1009_l",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "abs1005_t",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "acb1005_a",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "aax1031cn",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:aax1055cu:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abu1001_q:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acl1201_c:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acl1200am:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abh1027_l:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abh1007aa:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abs1009_p:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:abs1005_u:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:acb1005_c:*:*:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:ingeteam:ingecon_sun_ems_board:aax1031co:*:*:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rub\u00e9n Santamarta"
            }
          ],
          "datePublic": "2026-05-12T09:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation."
                }
              ],
              "value": "Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T09:57:02.625Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/insecure-generation-sat-access-credentials-ingecon-ems-board"
            },
            {
              "url": "https://www.reversemode.com/2026/05/a-practical-analysis-of-cyber-physical.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The risk has been mitigated with the release of a patch applicable to all versions, developed in December 2025. It is recommended that users update to the newer versions."
                }
              ],
              "value": "The risk has been mitigated with the release of a patch applicable to all versions, developed in December 2025. It is recommended that users update to the newer versions."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insecure generation of SAT access credentials in Ingecon EMS Board",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2026-8072",
        "datePublished": "2026-05-12T09:57:02.625Z",
        "dateReserved": "2026-05-07T09:46:15.152Z",
        "dateUpdated": "2026-05-12T12:19:29.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }