CVE-2026-24790
Received Received - Intake

Remote Authentication Bypass in PLC Allows Unauthorized Control

Vulnerability report for CVE-2026-24790, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-02-20

Assigner: ICS-CERT

Description

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
welker welkerscope *
welker welker_jet *
welker odoreyes *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability allows the underlying Programmable Logic Controller (PLC) of a device to be remotely influenced without proper safeguards or authentication.

Impact Analysis

Because the PLC can be remotely influenced without authentication, an attacker could alter the device's behavior, potentially causing high impact on the integrity of the system and a low impact on availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24790. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart