Horner Automation Cscape and XL4, XL7 PLC

Plan Patch | CVSS 9.1 | ICS-CERT ICSA-26-106-02 | Apr 16, 2026
Horner Automation | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Horner Automation Cscape software (v10.0) and XL4/XL7 PLC firmware (v15.60 and v16.32.0 respectively) contain a critical vulnerability (CWE-521) that allows remote attackers to gain unauthorized access to systems without authentication. The vulnerability affects the authentication mechanism and could enable attackers to obtain unauthorized control of manufacturing systems and services.

What this means
What could happen
An attacker with network access to Cscape or XL4/XL7 PLCs could gain unauthorized access and control over the affected systems without authentication, potentially allowing them to alter process logic or interrupt manufacturing operations.
Who's at risk
Manufacturing organizations using Horner Automation Cscape software or XL4 and XL7 PLCs should prioritize this vulnerability. Any facility relying on these systems for process control—including discrete manufacturing, chemical processing, and packaging lines—needs immediate attention.
How it could be exploited
An attacker on the network can send unauthenticated requests to Cscape or the PLC firmware to bypass access controls and obtain system access. No valid credentials or user interaction are required—the vulnerability is immediately exploitable from the network level.
Prerequisites
  • Network access to Cscape application or XL4/XL7 PLC systems
  • No authentication credentials required
remotely exploitable | no authentication required | low complexity | high EPSS score (9.1/10) | critical CVSS rating
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
1 with fix, 2 pending
Product | Affected Versions | Fix Status
Cscape: v10.0 | v10.0 | Fix available
XL7 PLC: v15.60 | v15.60 | No fix yet
XL4 PLC: v16.32.0 | v16.32.0 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Cscape applications and PLC systems to authorized engineering workstations only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Cscape software to version 10.2 SP2 or later
HOTFIX: Update XL4 PLC firmware to the latest available version from Horner Automation
HOTFIX: Update XL7 PLC firmware to the latest available version from Horner Automation