Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

AI Analysis

Weak password requirements allow brute force password enumeration and unauthorized access to systems and services.

Basic Information

ID CVE-2026-6284

Source icscert

Published Apr 17, 2026 at 15:14

Affected Product

Vendor Horner Automation

Product Cscape

Version 10.0

Affected Versions Horner Automation Cscape 10.0
Horner Automation XL7 PLC 15.60
Horner Automation XL4 PLC 16.32.0

CWE Classification

CWE-521

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Horner Automation

Product Cscape, XL4 PLC, XL7 PLC

Version 10.0, 15.60, 16.32.0

References

{
    "lastseen": "",
    "description": "An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.",
    "published": "2026-04-17T15:14:06.346Z",
    "modified": "2026-04-17T15:14:06.346Z",
    "type": "cve",
    "title": "Horner Automation Cscape and XL4, XL7 PLC Weak password requirements",
    "source": "icscert",
    "references": "https://hornerautomation.com/cscape-software-free/cscape-software/\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json",
    "id": "CVE-2026-6284",
    "bulletinFamily": "",
    "cwe": [
        "CWE-521"
    ],
    "cvelist": null,
    "sourceData": "Horner Automation Cscape 10.0\nHorner Automation XL7 PLC 15.60\nHorner Automation XL4 PLC 16.32.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cscape",
    "version": "10.0",
    "vendor": "Horner Automation",
    "ai_description": "Weak password requirements allow brute force password enumeration and unauthorized access to systems and services.",
    "ai_severity": "Critical",
    "ai_vendor": "Horner Automation",
    "ai_product": "Cscape, XL4 PLC, XL7 PLC",
    "ai_version": "10.0, 15.60, 16.32.0",
    "ai_score": 9.3
}

Horner Automation Cscape and XL4, XL7 PLC Weak password requirements_CVE-2026-6284