CVE-2026-6284 · CRITICAL 9.1 · EPSS p35.7%

Description

An attacker with network access to the PLC is able to discover passwords by brute force and gain unauthorized access to systems and services. The limited password complexity and the lack of password input limiters make brute-force password enumeration possible.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.45% probability of exploitation · percentile 35.7% · 2026-06-19T12:03:05Z
Published: 2026-04-17
Last modified: 2026-04-20

Underlying weaknesses · 1

CWE-521

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json
  2. https://hornerautomation.com/cscape-software-free/cscape-software/
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Weak Password Requirements (cwe-521) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-25293
  2. CVE-2025-48466
  3. CVE-2026-24790
  4. CVE-2026-22910
  5. CVE-2025-1960
  6. CVE-2025-41709

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.