{"cve":{"cve_id":"CVE-2026-6284","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00449,"epss_percentile":0.35702,"epss_as_of":"2026-06-23","description":"An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.","published_at":"2026-04-17T15:14:06.346000Z","last_modified_at":null,"cvss_v3_score":9.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss_v3_severity":"CRITICAL","cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-521"],"nvd_references":["https://hornerautomation.com/cscape-software-free/cscape-software/","https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:31:00.922472Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"horner-automation","vendor_name":"Horner Automation","product_slug":"cscape","product_name":"Cscape","version_start":"10.0","version_start_inclusive":true,"version_end":"10.0","version_end_inclusive":true,"cpe23_uri":"cve5:horner-automation:cscape:10.0:10.0"},{"vendor_slug":"horner-automation","vendor_name":"Horner Automation","product_slug":"xl4-plc","product_name":"XL4 PLC","version_start":"16.32.0","version_start_inclusive":true,"version_end":"16.32.0","version_end_inclusive":true,"cpe23_uri":"cve5:horner-automation:xl4-plc:16.32.0:16.32.0"},{"vendor_slug":"horner-automation","vendor_name":"Horner Automation","product_slug":"xl7-plc","product_name":"XL7 PLC","version_start":"15.60","version_start_inclusive":true,"version_end":"15.60","version_end_inclusive":true,"cpe23_uri":"cve5:horner-automation:xl7-plc:15.60:15.60"}],"exploit_refs":[],"news":[],"references":[{"url":"https://hornerautomation.com/cscape-software-free/cscape-software/","source_type":"MISC","tags":[]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-04-17T15:14:06.346000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:01.087206Z","label":"CVSS score revised","source":"cvelistv5"}]}