{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-6284","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2026-04-14T15:07:32.676Z","datePublished":"2026-04-17T15:14:06.346Z","dateUpdated":"2026-04-20T14:58:32.621Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2026-04-17T15:14:06.346Z"},"title":"Horner Automation Cscape and XL4, XL7 PLC Weak password requirements","datePublic":"2026-04-16T17:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-521","description":"CWE-521","type":"CWE"}]}],"affected":[{"vendor":"Horner Automation","product":"Cscape","versions":[{"status":"affected","version":"10.0"}],"defaultStatus":"unaffected"},{"vendor":"Horner Automation","product":"XL7 PLC","versions":[{"status":"affected","version":"15.60"}],"defaultStatus":"unaffected"},{"vendor":"Horner Automation","product":"XL4 PLC","versions":[{"status":"affected","version":"16.32.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.","supportingMedia":[{"type":"text/html","base64":false,"value":"An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible."}]}],"references":[{"url":"https://hornerautomation.com/cscape-software-free/cscape-software/"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"CRITICAL","baseScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseSeverity":"CRITICAL","baseScore":9.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}],"solutions":[{"lang":"en","value":"Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware. \n https://hornerautomation.com/cscape-software-free/cscape-software/","supportingMedia":[{"type":"text/html","base64":false,"value":"Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware.&nbsp;<br><a href=\"https://hornerautomation.com/cscape-software-free/cscape-software/\" title=\"(opens in a new window)\">https://hornerautomation.com/cscape-software-free/cscape-software/</a>"}]}],"credits":[{"lang":"en","value":"An anonymous researcher reported this vulnerability to CISA","type":"finder"}],"source":{"advisory":"ICSA-26-106-02","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-521","lang":"en","description":"CWE-521 Weak Password Requirements"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-17T16:06:19.870633Z","id":"CVE-2026-6284","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-20T14:58:32.621Z"}}]}}