CVE-2026-3893

Name of the Vulnerable Software and Affected Versions Carlson VASCO-B GNSS Receiver (affected versions not specified)

Description The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism. This allows an attacker with network access to directly access and modify its configuration and operational functions without credentials. There have been reports of attackers exploiting this flaw to gain unauthenticated access, escalate privileges, and move laterally through manufacturing networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Implement runtime segmentation to contain post-compromise activity in critical infrastructure.