CVE-2026-4901: CWE-532: Insertion of Sensitive Information into Log File in Hydrosystem Control System
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5
AI Analysis
Technical Summary
The Hydrosystem Control System prior to version 9.8.5 logs sensitive information such as user credentials into log files, violating secure logging practices (CWE-532). This can enable attackers to retrieve credentials and escalate access within the system. The vulnerability is rated medium severity with a CVSS 4.0 score of 6.9, indicating network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality. The issue is fixed in version 9.8.5, but no direct patch link or remediation advisory is provided in the input data.
Potential Impact
An attacker who can access the log files may obtain sensitive user credentials, potentially allowing unauthorized access or privilege escalation within the Hydrosystem Control System. This could compromise system integrity and confidentiality. The vulnerability's impact is significant enough to warrant a medium severity rating but does not indicate direct remote code execution or system takeover by itself.
Mitigation Recommendations
Upgrade the Hydrosystem Control System to version 9.8.5 or later, where this vulnerability has been fixed. Since no official patch link or advisory is provided, verify the upgrade path with the vendor. Patch status is not yet confirmed from the vendor advisory content in this data; check the vendor's official resources for current remediation guidance.
CVE-2026-4901: CWE-532: Insertion of Sensitive Information into Log File in Hydrosystem Control System
Description
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Hydrosystem Control System prior to version 9.8.5 logs sensitive information such as user credentials into log files, violating secure logging practices (CWE-532). This can enable attackers to retrieve credentials and escalate access within the system. The vulnerability is rated medium severity with a CVSS 4.0 score of 6.9, indicating network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality. The issue is fixed in version 9.8.5, but no direct patch link or remediation advisory is provided in the input data.
Potential Impact
An attacker who can access the log files may obtain sensitive user credentials, potentially allowing unauthorized access or privilege escalation within the Hydrosystem Control System. This could compromise system integrity and confidentiality. The vulnerability's impact is significant enough to warrant a medium severity rating but does not indicate direct remote code execution or system takeover by itself.
Mitigation Recommendations
Upgrade the Hydrosystem Control System to version 9.8.5 or later, where this vulnerability has been fixed. Since no official patch link or advisory is provided, verify the upgrade path with the vendor. Patch status is not yet confirmed from the vendor advisory content in this data; check the vendor's official resources for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-03-26T14:59:49.077Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d779fb1cc7ad14da954be7
Added to database: 4/9/2026, 10:05:47 AM
Last enriched: 4/9/2026, 10:20:56 AM
Last updated: 4/9/2026, 12:38:52 PM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.