Horner Automation Cscape and XL4, XL7 PLC
Summary
A critical vulnerability, CVE-2026-6284, has been identified in Horner Automation Cscape and XL4, XL7 PLC products. The flaw stems from weak password requirements and allows attackers to brute-force passwords and gain unauthorized system access.
IFF Assessment
The vulnerability allows attackers to gain unauthorized access to critical infrastructure systems, posing a significant risk to operational technology environments.
Severity
The CVSS score of 9.1 reflects the critical nature of the vulnerability: weak password requirements and a lack of input limitations allow unauthorized access, with a high impact on confidentiality and integrity.
Defender Context
Defenders need to prioritize patching or updating affected Horner Automation Cscape and PLC systems to the latest recommended versions. They should also review and strengthen password policies and implement network segmentation to limit potential attacker access to PLCs.