Description
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
Published: 2026-04-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

An unsecured configuration interface on affected VEGAPULS devices allows unauthenticated remote attackers to read sensitive data such as hashed credentials and access codes, potentially enabling further privileged access.

Affected Systems

The flaw affects VEGA Grieshaber VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) devices running firmware versions 1.0.0 and 1.1.0.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Inferred from the description, the attack vector is remote over the network, exploiting an unsecured configuration interface without authentication.

Generated by OpenCVE AI on April 28, 2026 at 12:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official firmware update or vendor patch to VEGA Grieshaber VEGAPULS 6X devices that addresses the unsecured configuration interface.
  • Secure the configuration interface by disabling remote access or restricting it to trusted local networks and enforcing strong authentication methods.
  • Monitor device logs for unauthorized configuration access attempts and verify that the interface is no longer exposed to unauthenticated network traffic.

Generated by OpenCVE AI on April 28, 2026 at 12:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
Description An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
Title VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices
First Time appeared Vega
Vega vegapuls6x Pn Firmware
Weaknesses CWE-306
CPEs cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.0:*:*:*:*:*:*:*
Vendors & Products Vega
Vega vegapuls6x Pn Firmware
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Vega Vegapuls6x Pn Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-04-28T12:11:34.980Z

Reserved: 2026-02-27T11:10:05.931Z

Link: CVE-2026-3323

cve-icon Vulnrichment

Updated: 2026-04-28T12:11:11.751Z

cve-icon NVD

Status : Received

Published: 2026-04-28T11:16:05.967

Modified: 2026-04-28T11:16:05.967

Link: CVE-2026-3323

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:15:30Z

Weaknesses