CVE-2026-24790

High

Published: 20 February 2026

Published

20 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS Score 0.0011 29.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 directly addresses missing authentication for critical functions by requiring identification of actions allowable without authentication and authorization of such actions, preventing unauthorized remote influence of the PLC.

AC-17 Remote Access good match

prevent

AC-17 mandates authorization, monitoring, and protection of remote access, countering the vulnerability's network-accessible remote influence without safeguards.

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved access authorizations, blocking unauthorized modifications and disruptions to PLC operations resulting from lack of authentication.

Security SummaryAI

CVE-2026-24790 is a vulnerability (CWE-306: Missing Authentication for Critical Function) in the underlying Programmable Logic Controller (PLC) of the device, which allows remote influence without proper safeguards or authentication. Published on 2026-02-20T17:25:51.313, it has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

Remote attackers with network access to the affected device can exploit this vulnerability without authentication to influence the PLC's operations. Successful exploitation enables high-impact integrity violations, such as unauthorized modifications to PLC functions, alongside low-impact availability disruptions, while confidentiality remains unaffected.

CISA ICS Advisory ICSA-26-050-04, detailed at https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04 and in CSAF format at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json, provides mitigation guidance; vendor contact information is available at https://www.welker.com/contact-us/welker-team.

Details

CWE(s): CWE-306

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated remote exploitation of a network-accessible PLC due to missing authentication (CWE-306), directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json
ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-04
ics-cert@hq.dhs.gov
https://www.welker.com/contact-us/welker-team
ics-cert@hq.dhs.gov