Description
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters make brute force password enumeration possible.
Published: 2026-04-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized system access via password brute force
Action: Immediate Patch
AI Analysis

Impact

An attacker with network access to a Horner Automation PLC can brute-force the login interface because passwords are weak and no input limiters are applied. This allows the attacker to obtain administrative credentials and then gain unauthorized access to the PLC's control and monitoring functions, potentially compromising critical industrial processes. The vulnerability is a classic example of Weak Password Requirements (CWE-521).

Affected Systems

Affected products include Horner Automation Cscape, XL4 PLC, and XL7 PLC. Vendor documentation recommends upgrading to Cscape v10.2 SP2 or later and installing the latest firmware on all XL4 and XL7 PLCs. No specific version numbers are listed in the advisory, so all current releases without these updates are potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, yet the EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog. Because the attack requires only network connectivity to the PLC and no privileged local access, it is fairly easy for an attacker operating on the same network segment to mount an enumeration attack. With no account lockout or input throttling, brute-force attempts can succeed quickly, raising the likelihood of exploitation.

Generated by OpenCVE AI on April 18, 2026 at 09:15 UTC.

Remediation

Vendor Solution

Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware. https://hornerautomation.com/cscape-software-free/cscape-software/


OpenCVE Recommended Actions

  • Apply the latest Cscape release (v10.2 SP2 or newer) to all affected systems.
  • Upgrade the firmware on all XL4 and XL7 PLCs to the most recent versions provided by Horner Automation.
  • Configure network controls to limit PLC access to trusted devices and enforce strong password policies, including account lockout mechanisms, to mitigate brute-force attempts.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:15:00 +0000

Metrics (ssvc), values added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 21:00:00 +0000

First Time appeared, values added: Hornerautomation; Hornerautomation cscape; Hornerautomation xl4 Plc; Hornerautomation xl7 Plc
Vendors & Products, values added: Hornerautomation; Hornerautomation cscape; Hornerautomation xl4 Plc; Hornerautomation xl7 Plc

Fri, 17 Apr 2026 15:45:00 +0000

Description, values added: An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
Title, values added: Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
Weaknesses, values added: CWE-521
References, values added:
Metrics, values added:
  cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-20T14:58:32.621Z

Reserved: 2026-04-14T15:07:32.676Z

Link: CVE-2026-6284

Vulnrichment

Updated: 2026-04-17T16:06:29.555Z

NVD

Status : Awaiting Analysis

Published: 2026-04-17T16:17:07.620

Modified: 2026-04-20T16:16:50.357

Link: CVE-2026-6284

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:30:25Z

Weaknesses