CVE 9.4 CRITICAL

Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function_CVE-2026-3893

April 28, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Description

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.

AI Analysis

Missing authentication mechanism in VASCO-B GNSS Receiver allows unauthorized access and modification of configuration and operational functions

Basic Information

ID CVE-2026-3893

Source icscert

Published Apr 28, 2026 at 17:34

Affected Product

Vendor Carlson Software

Product VASCO-B GNSS Receiver

Affected Versions Carlson Software VASCO-B GNSS Receiver 0

CWE Classification

CWE-306

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Carlson Software

Product VASCO-B GNSS Receiver

References

{
    "lastseen": "",
    "description": "The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, \nallowing an attacker with network access to directly access and modify \nits configuration and operational functions without needing credentials.",
    "published": "2026-04-28T17:34:56.130Z",
    "modified": "2026-04-28T17:34:56.130Z",
    "type": "cve",
    "title": "Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://www.carlsonsw.com/support-and-training/\nhttps://www.cve.org/CVERecord?id=CVE-2026-3893\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json",
    "id": "CVE-2026-3893",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Carlson Software VASCO-B GNSS Receiver 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VASCO-B GNSS Receiver",
    "version": "0",
    "vendor": "Carlson Software",
    "ai_description": "Missing authentication mechanism in VASCO-B GNSS Receiver allows unauthorized access and modification of configuration and operational functions",
    "ai_severity": "Critical",
    "ai_vendor": "Carlson Software",
    "ai_product": "VASCO-B GNSS Receiver",
    "ai_version": "0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply