CVE-2026-3323: CWE-306 Missing Authentication for Critical Function in VEGA Grieshaber VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)
CVE-2026-3323 is a high-severity vulnerability affecting VEGA Grieshaber VEGAPULS 6X Two-wire devices using PROFINET, Modbus TCP, and OPC UA protocols. The issue arises from a missing authentication mechanism on a critical configuration interface, allowing unauthenticated remote attackers to access sensitive information such as hashed credentials and access codes. There is no official patch or remediation guidance currently available from the vendor. The vulnerability has not been reported as exploited in the wild. Due to the lack of authentication, attackers can gain unauthorized read access but cannot modify device functions or cause availability impacts based on current information.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-3323) involves a missing authentication control (CWE-306) on a critical configuration interface of the VEGA Grieshaber VEGAPULS 6X Two-wire device family supporting PROFINET, Modbus TCP, and OPC UA (Ethernet-APL). The unsecured interface permits remote unauthenticated attackers to retrieve sensitive data including hashed credentials and access codes. The CVSS 3.1 base score is 7.5, reflecting high confidentiality impact with no integrity or availability impact. The vulnerability affects version 1.0.0 of the product. No patch or official remediation level has been published by the vendor as of the publication date.
Potential Impact
The vulnerability allows unauthorized remote attackers to access sensitive information such as hashed credentials and access codes, potentially compromising device security and confidentiality. There is no indication that attackers can alter device functions or disrupt availability. No known exploits have been reported in the wild, but the exposure of credential hashes could facilitate further attacks if attackers can crack or misuse them.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the affected device's configuration interface to trusted and authenticated users only. Monitor for unusual access attempts and consider network segmentation to limit exposure. Do not rely on this vulnerability being mitigated without vendor confirmation.
CVE-2026-3323: CWE-306 Missing Authentication for Critical Function in VEGA Grieshaber VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)
Description
CVE-2026-3323 is a high-severity vulnerability affecting VEGA Grieshaber VEGAPULS 6X Two-wire devices using PROFINET, Modbus TCP, and OPC UA protocols. The issue arises from a missing authentication mechanism on a critical configuration interface, allowing unauthenticated remote attackers to access sensitive information such as hashed credentials and access codes. There is no official patch or remediation guidance currently available from the vendor. The vulnerability has not been reported as exploited in the wild. Due to the lack of authentication, attackers can gain unauthorized read access but cannot modify device functions or cause availability impacts based on current information.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-3323) involves a missing authentication control (CWE-306) on a critical configuration interface of the VEGA Grieshaber VEGAPULS 6X Two-wire device family supporting PROFINET, Modbus TCP, and OPC UA (Ethernet-APL). The unsecured interface permits remote unauthenticated attackers to retrieve sensitive data including hashed credentials and access codes. The CVSS 3.1 base score is 7.5, reflecting high confidentiality impact with no integrity or availability impact. The vulnerability affects version 1.0.0 of the product. No patch or official remediation level has been published by the vendor as of the publication date.
Potential Impact
The vulnerability allows unauthorized remote attackers to access sensitive information such as hashed credentials and access codes, potentially compromising device security and confidentiality. There is no indication that attackers can alter device functions or disrupt availability. No known exploits have been reported in the wild, but the exposure of credential hashes could facilitate further attacks if attackers can crack or misuse them.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the affected device's configuration interface to trusted and authenticated users only. Monitor for unusual access attempts and consider network segmentation to limit exposure. Do not rely on this vulnerability being mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERTVDE
- Date Reserved
- 2026-02-27T11:10:05.931Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0912acbff5d8610facea9
Added to database: 4/28/2026, 10:51:22 AM
Last enriched: 4/28/2026, 11:06:20 AM
Last updated: 4/28/2026, 12:25:23 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.