CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

CVE-2026-6284

CVE-2026-6284 is reserved, but connected ICS advisory ICSA-26-106-02 provides concrete details: for Horner Automation Cscape and XL4/XL7 PLCs, an attacker with network access can brute-force passwords due to weak password complexity and lack of input-rate limiting, enabling unauthorized access to...

CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

Horner Automation多款产品 安全漏洞

Horner Automation Cscape is a product of the American company Horner Automation. Horner Automation Cscape is a programming software used for developing industrial control systems. Horner Automation XL7 PLC is an industrial programmable logic controller with integrated touchscreen and control...

Horner Automation Cscape and XL4, XL7 PLC

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...

EUVD-2019-4996

Malware in sbrugna...

EUVD-2023-36783

Malicious code in bioql PyPI...

EUVD-2024-50368

Malicious code in bioql PyPI...

EUVD-2022-34889

Malicious code in bioql PyPI...

EUVD-2022-42757

Malicious code in bioql PyPI...

EUVD-2023-36461

Malicious code in bioql PyPI...

EUVD-2023-35592

Malicious code in bioql PyPI...

EUVD-2022-34887

Malicious code in bioql PyPI...

EUVD-2022-34888

Malicious code in bioql PyPI...

TRUSTCHECKPOINTS: Time Betrays Malware for Unconditional Software Root of Trust

Modern IoT and embedded platforms must start execution from a known trusted state to thwart malware, ensure secure firmware updates, and protect critical infrastructure. Current approaches to establish a root of trust depend on secret keys and/or specialized secure hardware, which drives up costs...

CVE-2019-13541

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code...

CVE-2019-13545

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution...

CVE-2025-4098

Horner Automation Cscape version 10.0 10.0.415.2 SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape...

CVE-2025-4098

CVE-2025-4098 affects Horner Automation Cscape 10.0 (10.0.415.2) SP1. The vulnerability is an out-of-bounds read in a component/function used by Cscape that could allow an attacker to disclose information and potentially execute arbitrary code on affected installations. The CVSS metrics indicate ...

CVE-2025-4098 Out-of-bounds Read in Horner Automation Cscape

Horner Automation Cscape version 10.0 10.0.415.2 SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape...