CISA 2026-04-23

Carlson Software VASCO-B GNSS Receiver

CVE-2026-3893

Machine-generated analysis · WAYSCloud LLM

GNSS receiver lacks authentication for configuration access. The advisory notes deployment in critical manufacturing sectors worldwide.

Context

The Carlson Software VASCO-B GNSS Receiver is a global navigation satellite system device. The advisory states versions before 1.4.0 lack authentication, allowing network-accessible attackers to modify configuration and operational functions. The source explicitly notes these devices are used in critical manufacturing sectors and deployed worldwide.

Operator considerations

Check: Inventory all Carlson VASCO-B GNSS Receiver devices for versions before 1.4.0
Isolate: Ensure GNSS receivers are not accessible from untrusted networks
Patch: Upgrade to VASCO-B GNSS Receiver version 1.4.0 or later

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation.

The following versions of Carlson Software VASCO-B GNSS Receiver are affected:

VASCO-B GNSS Receiver

Read the full advisory on CISA →