7.5
CVE-2026-3323
- EPSS 0.41%
- Veröffentlicht 28.04.2026 10:24:19
- Zuletzt bearbeitet 11.05.2026 14:58:48
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginVEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vega ≫ Vegapuls 6x Firmware Version1.0.0
Vega ≫ Vegapuls 6x Firmware Version1.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.321 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://certvde.com/en/advisories/VDE-2026-016
https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json