Anviz CrossChex Standard Algorithm Downgrade_CVE-2026-32650

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable
encryption, causing database credentials to be sent in plaintext and
enabling unauthorized database access.

Basic Information

ID CVE-2026-32650

Source icscert

Published Apr 17, 2026 at 19:52

Modified Apr 17, 2026 at 20:26

Affected Product

Vendor Anviz

Product Anviz CrossChex Standard

Version All versions

Affected Versions Anviz Anviz CrossChex Standard All versions

CWE Classification

CWE-757

References

{
    "lastseen": "",
    "description": "Anviz CrossChex Standard\u00a0is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.",
    "published": "2026-04-17T19:52:45.308Z",
    "modified": "2026-04-17T20:26:17.922Z",
    "type": "cve",
    "title": "Anviz CrossChex Standard Algorithm Downgrade",
    "source": "icscert",
    "references": "https://www.anviz.com/contact-us.html\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json",
    "id": "CVE-2026-32650",
    "bulletinFamily": "",
    "cwe": [
        "CWE-757"
    ],
    "cvelist": null,
    "sourceData": "Anviz Anviz CrossChex Standard All versions",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Anviz CrossChex Standard",
    "version": "All versions",
    "vendor": "Anviz",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}