| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-54800 | 4.8 | medium |
CVE-2026-54800. The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
|
| CVE-2026-54798 | 6.5 | medium |
CVE-2026-54798. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
|
| CVE-2026-54801 | 7.2 | high |
CVE-2026-54801. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
|
| CVE-2026-54799 | 6.7 | medium |
CVE-2026-54799. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
|