What is CVE-2026-6284?

CVE-2026-6284 is a critical-severity vulnerability in Horner Automation Cscape, classified under Weak Password Requirements. CVSS score: 9.1/10. Published 2026-04-17.

How severe is CVE-2026-6284?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Horner Automation Cscape

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration…

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Horner Automation Cscape — versions 10.0
Horner Automation Xl4 Plc — versions 16.32.0
Horner Automation Xl7 Plc — versions 15.60

Weakness classification (CWE)

CWE-521 — Weak Password Requirements

References

Frequently asked questions

What is CVE-2026-6284?: CVE-2026-6284 is a critical-severity vulnerability in Horner Automation Cscape, classified under Weak Password Requirements. CVSS score: 9.1/10. Published 2026-04-17.
How severe is CVE-2026-6284?: Critical severity. CVSS v3 base score is 9.1 out of 10.