CRITICALCVE-2026-8072Published Modified CNA INCIBE
CVE-2026-8072: Insecure generation of SAT access credentials in Ingecon EMS Board
Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.
Metrics
- CVSS v4.0
- 9.2
- Severity
- CRITICAL
- Fixed in
- AAX1031CO
- Affected Products
- 1
Fix available
AAX1031COAAX1055CUABH1007AAABH1027_LABS1005_UABS1009_PABU1001_QACB1005_CACL1200AMACL1201_C
Patch commits
Affected packages
- Ingeteam / Ingecon Sun EMS Board≤ AAX1055CT · ≤ ABU1001_P · ≤ ACL1201_B · ≤ ACL1200AL · ≤ ABH1027_K · ≤ ABH1007_ZFixed in AAX1055CU, ABU1001_Q, ACL1201_C, ACL1200AM, ABH1027_L, ABH1007AA, ABS1009_P, ABS1005_U, ACB1005_C, AAX1031CO
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences