HIGHCVE-2026-3323Published 2026-04-28Modified 2026-04-28CNA CERTVDE

CVE-2026-3323: VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

VEGA Grieshaber / VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)
1.0.0
VEGA Grieshaber / VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)
1.1.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

certvde.com
vega.csaf-tp.certvde.com

Metrics