Critical Weak Password Vulnerability (CVE‑2026‑6284) in Horner Automation Cscape & XL4/XL7 PLCs Threatens Manufacturing Control Systems
What It Is – Horner Automation’s Cscape SCADA software (v10.0) and XL4/XL7 programmable logic controllers (v16.32.0 & v15.60) suffer from weak password requirements that allow unlimited brute‑force attempts. An attacker with network access can enumerate passwords and gain unauthorized control of the devices.
Exploitability – The flaw is publicly disclosed (CVE‑2026‑6284) and carries a CVSS v3.1 base score of 9.1 (Critical). No public exploit code has been released, but the attack requires only network connectivity and can be automated, making exploitation highly feasible.
Affected Products – Horner Automation Cscape v10.0; XL7 PLC v15.60; XL4 PLC v16.32.0.
TPRM Impact – These PLCs are deployed worldwide in critical manufacturing environments. A compromised controller can disrupt production lines, cause safety incidents, and expose downstream supply‑chain partners to operational risk.
Recommended Actions –
- Immediately apply Horner Automation’s firmware updates: Cscape v10.2 SP2 or later, and the latest XL4/XL7 firmware.
- Enforce strong, unique passwords on all PLC accounts; implement account lockout after failed attempts.
- Segment PLC networks from corporate IT and restrict inbound traffic to trusted sources only.
- Conduct a credential audit and rotate any passwords that may have been exposed.
Source: CISA Advisory – ICSA‑26‑106‑02
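The advisory's core risk is that the affected products impose no limit on failed logins. The following is an added example, not code from Horner Automation or CISA, showing how a defender can apply the lockout and monitoring recommendations from the list above at the network or SIEM layer while waiting for firmware to be applied: it scans authentication log lines for a burst of failures from one source against one account, and raises a higher-priority alert when a success follows such a burst. The log format, source addresses, account names, and the five-failures-in-60-seconds threshold are all constructed assumptions; adapt the parser to whatever your PLC, HMI, or jump-host actually logs.

```python
"""Sliding-window brute-force detection over PLC/HMI authentication logs.

Added example. The log line layout used here is hypothetical
(ISO timestamp, then key=value fields), not a Horner Automation format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source hammers the 'admin' account and then
# succeeds; a second source has two widely spaced, benign failures.
SAMPLE_LOG = """\
2026-04-16T08:00:01 src=10.10.5.23 user=admin result=FAIL
2026-04-16T08:00:04 src=10.10.7.4 user=operator result=FAIL
2026-04-16T08:00:05 src=10.10.5.23 user=admin result=FAIL
2026-04-16T08:00:09 src=10.10.5.23 user=admin result=FAIL
2026-04-16T08:00:12 src=10.10.5.23 user=admin result=FAIL
2026-04-16T08:00:15 src=10.10.5.23 user=admin result=FAIL
2026-04-16T08:00:18 src=10.10.5.23 user=admin result=OK
2026-04-16T08:05:30 src=10.10.7.4 user=operator result=OK
2026-04-16T08:12:00 src=10.10.7.4 user=operator result=FAIL
"""


def parse_line(line):
    """Split one hypothetical log line into (timestamp, src, user, result)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts_str), fields["src"], fields["user"], fields["result"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, src, user, iso_timestamp) tuples, in log order.

    kind is 'brute_force' when `threshold` failures for the same (src, user)
    fall inside `window`, and 'success_after_burst' when a successful login
    arrives while that many recent failures are still in the window. The
    same threshold is what a lockout policy on the device itself would use.
    """
    recent_failures = defaultdict(deque)  # (src, user) -> timestamps of failures
    alerted = set()                       # keys already reported as brute_force
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse_line(line)
        key = (src, user)
        q = recent_failures[key]
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if result == "OK":
            if len(q) >= threshold:
                # A success right after a burst of failures suggests the
                # guess landed; this is the alert worth paging on.
                alerts.append(("success_after_burst", src, user, ts.isoformat()))
            q.clear()
            alerted.discard(key)
            continue
        q.append(ts)
        if len(q) >= threshold and key not in alerted:
            alerts.append(("brute_force", src, user, ts.isoformat()))
            alerted.add(key)
    return alerts


if __name__ == "__main__":
    for kind, src, user, when in detect_bruteforce(SAMPLE_LOG):
        print(f"{when} {kind}: {src} -> {user}")
```

The window is keyed on source and account together so that a distributed attempt spread over many accounts still shows up once the per-account threshold is crossed, while two genuine typos from an operator minutes apart stay quiet. In the constructed sample only 10.10.5.23 trips the detector: first as a brute-force burst at the fifth failure, then as a success-after-burst on the following login.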