Brute Force Password Vulnerability in Horner Automation PLC Systems
CVE-2026-6284
9.3 CRITICAL
What is CVE-2026-6284?
A vulnerability exists in Horner Automation's Cscape Software that allows an attacker with network access to the PLC to exploit weak password settings. This vulnerability stems from limited password complexity requirements and the absence of input limiters, which facilitates brute force attempts to discover passwords. Such weaknesses can lead to unauthorized access to critical systems and services, posing a significant risk to operational security.
Affected Version(s)
Cscape 10.0
XL4 PLC 16.32.0
XL7 PLC 15.60
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
An anonymous researcher reported this vulnerability to CISA
