Apr 16, 2026highcritical-infrastructure

Horner Automation Cscape and XL4, XL7 PLC

Horner Automation's Cscape engineering software and XL4/XL7 PLCs used in critical manufacturing have a weak password requirements vulnerability (CVE-2026-6284, CVSS 9.1) that allows network-accessible attackers to brute force credentials with no rate limiting or complexity enforcement. Affected versions include Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0. Developers and engineers integrating or managing industrial control systems should apply patches or mitigations immediately, as successful exploitation could grant unauthorized access to operational technology environments.

what's affectedversions include Cscape v10

mitigation statusMonitoring updates

first reportedApr 16, 2026

social pulse

mentions (24h)714

velocitytrend up

mentions delta+14% vs yesterday

platform splitX 75% · Reddit 25% · GitHub 8%

keywords

critical-infrastructurevulnerabilitymitigation

x analyticsheat 0

authors 0verified 0%

likes0

retweets0

replies0

quotes0

summaryConversation is accelerating with active-response chatter and exploit validation.

sources

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02

Curated Apr 16, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — Horner Automation Cscape and XL4, XL7 PLC. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…