CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for 
authentication and uses HTTP Basic Authentication. Traffic is encoded 
but not encrypted, exposing user credentials to passive interception by 
attackers on the same network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03