Home / Vulnerability Intelligence / CVE-2026-6284

CVE-2026-6284 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 17, 2026

PLC - Authentication Bypass

Published: April 17, 2026Updated: April 17, 2026Remote Exploitable

Overview

A PLC contains a broken authentication vulnerability caused by limited password complexity and lack of input limiters, letting attackers with network access brute force passwords to gain unauthorized access.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can gain unauthorized access to systems and services by brute forcing passwords.

Mitigation

Implement stronger password complexity and input limiters or update to the latest secure version.

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json
https://hornerautomation.com/cscape-software-free/cscape-software/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-6284
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: unconfirmed

CWE

CWE-521

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N