IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SALTO ProAccess Space

MEDIUM
CVSS 6.5
Date 2026-07-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials and the partition feature to be enabled; installations without partitioning are not affected.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-11889 6.5 medium
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product.

// Remediations (2)

Patch: To further enhance security after applying the update: 1. Operate ProAccess Space on a protec
To further enhance security after applying the update: 1. Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. 2. Restrict operator-level accounts to the minimum required and apply least-privilege principles. 3. If feasible, disable the partitioning feature and operate under a single partition. 4. When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.
Mitigation: Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.
Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.

// References