← Back to home
ICSA-26-106-02  ·  Published 2026-04-16  ·  View on CISA ICS-CERT ↗

Horner Automation Cscape and XL4, XL7 PLC

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.

CVEs (1)

Remediations

  • Horner Automation recommends users update to Cscape v10.2 SP2 or later. Horner Automation has also released the latest firmware for both XL4 and XL7 PLCs. Horner recommends users update to the latest version of the firmware. https://hornerautomation.com/cscape-software-free/cscape-software/.
  • For more information, see Horner Automation's release notes.

Affected Vendors

Horner Automation

Affected Products (3)

Horner Automation · Cscape v10.0
Horner Automation · XL7 PLC v15.60
Horner Automation · XL4 PLC v16.32.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more