← Back to home
ICSA-26-197-07  ·  Published 2026-07-16  ·  View on CISA ICS-CERT ↗

SALTO ProAccess Space

CVSS 6.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials and the partition feature to be enabled; installations without partitioning are not affected.

CVEs (1)

Remediations

  • Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.
  • To further enhance security after applying the update: 1. Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. 2. Restrict operator-level accounts to the minimum required and apply least-privilege principles. 3. If feasible, disable the partitioning feature and operate under a single partition. 4. When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.

Affected Vendors

SALTO

Affected Products (1)

SALTO · ProAccess Space <6.13

Affected Sectors

Commercial Facilities, Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more