ICSA-26-197-07
·
Published 2026-07-16
·
View on CISA ICS-CERT ↗
SALTO ProAccess Space
CVSS 6.5
MEDIUM
Risk Summary
Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials and the partition feature to be enabled; installations without partitioning are not affected.
CVEs (1)
Remediations
- Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.
- To further enhance security after applying the update: 1. Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. 2. Restrict operator-level accounts to the minimum required and apply least-privilege principles. 3. If feasible, disable the partitioning feature and operate under a single partition. 4. When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.
Affected Vendors
SALTO
Affected Products (1)
SALTO
·
ProAccess Space
<6.13
Affected Sectors
Commercial Facilities, Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more