Machine-generated analysis · WAYSCloud LLM
Horner Automation PLCs have weak password requirements allowing network-based brute force attacks. The vendor has released updates for Cscape software and PLC firmware.
Context
Horner Automation produces Cscape software and XL4/XL7 PLCs used in critical manufacturing. The advisory states that weak password complexity and lack of input limiters allow brute force attacks to gain unauthorized access. The affected products are specifically Cscape v10.0, XL7 PLC v15.60, and XL4 PLC v16.32.0.
Operator considerations
Check: Inventory Horner Automation Cscape software and XL4/XL7 PLC versions
Patch: Update Cscape to v10.2 SP2 or later and install latest firmware for XL4/XL7 PLCs
Isolate: Restrict network access to PLCs to authorized systems only
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.
The following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:
Cscape v10.0
XL7 PLC v15.60
XL4 PLC v16.32.0
Vendor: Horner Automation
Equipment: Horner Automation Cscape and XL4, XL7 PLC
Vulnerability: Weak Password Requirements
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
An attacker with network access to the PLC is able to brute force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute force password enumeration possible.
Mitigation: For more information, see Horner Automation's release notes.
Relevant CWE: CWE-521 Weak ...