PatchSiren cyber security CVE debrief

CVE-2026-6284 Horner Automation CVE debrief

CVE-2026-6284 is a critical authentication weakness affecting Horner Automation Cscape and XL4/XL7 PLC products. CISA says an attacker with network access to the PLC can brute-force passwords because of limited password complexity and the lack of password input limiters, which can lead to unauthorized access to systems and services. The published remediation is to update Cscape to v10.2 SP2 or later and install the latest firmware for the affected PLCs.

Vendor: Horner Automation
Product: Cscape
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-16
Original CVE updated: 2026-04-16
Advisory published: 2026-04-16
Advisory updated: 2026-04-16

Who should care

OT/ICS operators, PLC administrators, and engineering teams running Horner Automation Cscape v10.0, XL4 PLC v16.32.0, or XL7 PLC v15.60 should treat this as urgent, especially if PLC management or authentication services are reachable from the network.

Technical summary

The source advisory describes a network-reachable password enumeration/brute-force condition caused by limited password complexity and no password input limiters. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating easy remote exploitation with high confidentiality and integrity impact and no availability impact in the scoring model.

Defensive priority

Immediate

Recommended defensive actions

  • Update Horner Automation Cscape to v10.2 SP2 or later.
  • Apply the latest firmware for both XL4 and XL7 PLCs.
  • Restrict network access to affected PLC interfaces and management services to only trusted administrative sources.
  • Use OT network segmentation and defense-in-depth controls to reduce exposure of PLC authentication surfaces.
  • Review logs and alerting for repeated or suspicious authentication attempts.
  • Consult Horner Automation release notes and CISA ICS recommended practices for deployment-specific guidance.
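The "review logs and alerting for repeated or suspicious authentication attempts" item above is the one that catches an ongoing guessing campaign rather than preventing it, so here is a worked detector for it. This is an added example, not vendor code: the log line format is constructed for illustration and is not the format emitted by Horner Automation PLCs or Cscape; the `LINE_RE` pattern is the part to adapt to whatever the PLC, a fronting firewall, or a jump host actually logs.

```python
"""Sliding-window detector for password brute-force attempts in auth logs.

Added example, not vendor code.  The log line format below is constructed
for illustration and is NOT the format produced by Horner Automation PLCs
or Cscape; adapt LINE_RE to whatever the PLC, a fronting firewall, or a
jump host actually emits.  The detector keys on (source address, target
host) and raises an alert when failed logins inside a sliding window reach
a threshold, then raises a second, higher-priority alert if a login from
that source succeeds while the burst is still within the window.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed line format: "<ISO-8601 UTC ts> <host> auth: login <failed|ok> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) auth: login "
    r"(?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one source hammering plc-01 with several usernames
# and finally getting in, one benign single failure, a second target with only
# two failures, and one malformed line that the parser must skip.
SAMPLE_LOG = """\
2026-04-16T06:00:01Z plc-01 auth: login failed user=admin src=10.0.5.23
2026-04-16T06:00:04Z plc-01 auth: login failed user=admin src=10.0.5.23
2026-04-16T06:00:07Z plc-01 auth: login failed user=operator src=10.0.5.23
2026-04-16T06:00:10Z plc-01 auth: login failed user=admin src=10.0.5.23
2026-04-16T06:00:13Z plc-01 auth: login failed user=admin src=10.0.5.23
2026-04-16T06:00:16Z plc-01 auth: login failed user=service src=10.0.5.23
not a log line at all
2026-04-16T06:00:20Z plc-01 auth: login ok user=admin src=10.0.5.23
2026-04-16T06:00:30Z plc-01 auth: login failed user=admin src=10.0.5.40
2026-04-16T06:05:00Z plc-02 auth: login failed user=admin src=10.0.5.23
2026-04-16T06:05:03Z plc-02 auth: login failed user=admin src=10.0.5.23
""".splitlines()


def parse_line(line: str):
    """Return a dict for a well-formed line, or None so callers can skip junk."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60) -> list:
    """Scan lines in order and return alert dicts.

    'burst'               -> `threshold` failures from one src to one host within window_s
    'success_after_burst' -> a successful login from that src while the burst is live
    """
    recent = defaultdict(deque)   # (src, host) -> timestamps of failures in window
    users = defaultdict(set)      # (src, host) -> usernames tried in window
    alerted = set()               # keys that already produced a 'burst' alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["host"])
        q = recent[key]
        # Expire failures that fell out of the window; a fully drained window
        # resets the per-key state so a later burst alerts again.
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if not q:
            users[key].clear()
            alerted.discard(key)
        if ev["result"] == "failed":
            q.append(ev["ts"])
            users[key].add(ev["user"])
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"type": "burst", "src": ev["src"], "host": ev["host"],
                               "count": len(q), "users": sorted(users[key]),
                               "at": ev["ts"].isoformat()})
        elif key in alerted:
            alerts.append({"type": "success_after_burst", "src": ev["src"],
                           "host": ev["host"], "user": ev["user"],
                           "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(a)
```

On the constructed sample the detector emits exactly two alerts: a `burst` at the fifth failure from 10.0.5.23 against plc-01 (listing the usernames tried), then a `success_after_burst` when the same source logs in as admin. The second alert is the one worth paging on, because a success that follows a guessing burst is the signature of a brute force that worked rather than one that was merely attempted. Keying on (source, host) rather than on username is deliberate: the advisory's weakness allows guessing across accounts, so an attacker cycling usernames should still accumulate toward one threshold.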

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-106-02 and the official CVE record metadata in the corpus. The advisory text explicitly states that an attacker with network access can brute-force discover passwords because of limited password complexity and no password input limiters, and it lists vendor remediation to update Cscape and PLC firmware. Published and modified dates in the corpus are both 2026-04-16T06:00:00.000Z.

Official resources

Publicly disclosed by CISA in advisory ICSA-26-106-02 on 2026-04-16, matching the CVE publication date in the supplied corpus.