Changeflow GovPing Data Privacy & Cybersecurity Horner Automation Cscape and XL4, XL7 PLC Weak ...
Priority review Notice Added Final

Horner Automation Cscape and XL4, XL7 PLC Weak Password Vulnerability

Favicon for www.cisa.gov CISA ICS-CERT Advisories
Published
Detected
Email

Summary

CISA ICS-CERT published an advisory for Horner Automation Cscape and XL4, XL7 PLCs (CVSS 9.1 CRITICAL) identifying weak password requirements vulnerability. Affected versions include Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0. An attacker with network access could brute force discover passwords to gain unauthorized access to systems and services. Vendor fix is available: update to Cscape v10.2 SP2 or later and latest firmware.

Published by CISA on cisa.gov . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

CISA ICS-CERT published advisory ICSA-26-106-02 identifying a critical vulnerability (CVE-2026-6284, CVSS 9.1) in Horner Automation Cscape and XL4, XL7 PLCs. The vulnerability stems from weak password requirements (CWE-521) with no password input limiters, allowing attackers with network access to brute force discover passwords and gain unauthorized system access.

Organizations using affected Horner Automation products should update to Cscape v10.2 SP2 or later and apply the latest firmware updates for XL4 and XL7 PLCs. CISA recommends minimizing network exposure for control system devices, isolating control networks behind firewalls, and using secure remote access methods such as VPNs when remote access is required. No known public exploitation targeting this vulnerability has been reported.

Archived snapshot

Apr 17, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

ICS Advisory

Horner Automation Cscape and XL4, XL7 PLC

Release Date

April 16, 2026

Alert Code ICSA-26-106-02 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF

Summary

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.

The following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:

  • Cscape v10.0
  • XL7 PLC v15.60
  • XL4 PLC v16.32.0
CVSS Vendor Equipment Vulnerabilities
v3 9.1 Horner Automation Horner Automation Cscape and XL4, XL7 PLC Weak Password Requirements

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

View CVE Details

Affected Products

Horner Automation Cscape and XL4, XL7 PLC

Vendor:
Horner Automation Product Version:
Horner Automation Cscape: v10.0, Horner Automation XL7 PLC: v15.60, Horner Automation XL4 PLC: v16.32.0 Product Status:
known_affected

Remediations

Vendor fix
Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware. https://hornerautomation.com/cscape-software-free/cscape-software/.
https://hornerautomation.com/cscape-software-free/cscape-software/

Mitigation
For more information, see Horner Automation's release notes.

Relevant CWE: CWE-521 Weak Password Requirements

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Acknowledgments

  • An anonymous researcher reported this vulnerability to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-04-16
Date Revision Summary
2026-04-16 1 Initial Publication

Legal Notice and Terms of Use

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

  • Horner Automation

Tags

Sector: Critical Manufacturing Sector Topics: Industrial Control System Vulnerabilities, Industrial Control Systems

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.

Related Advisories

Apr 16, 2026

ICS Advisory | ICSA-26-106-04

AVEVA Pipeline Simulation

Apr 16, 2026

ICS Advisory | ICSA-26-106-03

Anviz Multiple Products

Apr 16, 2026

ICS Advisory | ICSA-26-106-01

Delta Electronics ASDA-Soft

Apr 09, 2026

ICS Advisory | ICSA-26-099-02

GPL Odorizers GPL750

Related changes

Favicon for www.cisa.gov Delta Electronics ASDA-Soft Stack-Based Buffer Overflow Vulnerability
Priority review Apr 17, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Fortinet FortiClient EMS Improper Access Control Vulnerability Added to KEV Catalog
Urgent Apr 06, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Hitachi Energy Ellipse Remote Code Execution Vulnerability
Urgent Apr 02, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity

Get daily alerts for CISA ICS-CERT Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cisa.gov
CISA ICS-CERT Advisories cisa.gov/rss.xml
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CISA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CISA
Published
April 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
ICSA-26-106-02

Who this affects

Applies to
Manufacturers
Industry sector
3364 Aerospace & Defense
Activity scope
PLC software updates Industrial control system security
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Industrial Control System Vulnerabilities Critical Infrastructure

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 332 Consumer Protection 63 Courts & Legal 361 Data Privacy & Cybersecurity 77 Defense & National Security 51 Education 44 Energy 100 Environment 86 Environmental & Energy 37 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 278 Government Operations 107 Healthcare 142 Healthcare & Life Sciences 72 Housing 16 Immigration 8 Immigration & Border Control 2 Insurance 66 Labor & Employment 126 Legal & Judicial 30 Pharma & Drug Safety 101 Pharma & Healthcare 1 Public Health 2 Real Estate & Housing 59 Sanctions & Export Controls 1 Securities & Investments 28 Securities & Markets 103 Securities Regulation 6 Tax 64 Tax & Revenue 9 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 85

Get alerts for this source

We'll email you when CISA ICS-CERT Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!