PT-2026-40003 · Ingecon · Sun Ems Board
Rubén Santamarta
·
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-8072
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Ingecon Sun EMS Board versions AAX1055CT and earlier
Ingecon Sun EMS Board versions ABU1001 P and earlier
Ingecon Sun EMS Board versions ACL1201 B and earlier
Ingecon Sun EMS Board versions ACL1200AL and earlier
Ingecon Sun EMS Board versions ABH1027 K and earlier
Ingecon Sun EMS Board versions ABH1007 Z and earlier
Ingecon Sun EMS Board versions ABS1009 L and earlier
Ingecon Sun EMS Board versions ABS1005 T and earlier
Ingecon Sun EMS Board versions ACB1005 A and earlier
Ingecon Sun EMS Board versions AAX1031CN and earlier
Description
Insecure generation of credentials in the local SAT (Technical Support) access functionality occurs because secret access credentials are based on a weak hashing algorithm rather than a secure cryptographic scheme. This allows an attacker to predict or brute-force credentials, leading to privilege escalation and unauthorized high-privilege access on the device.
Recommendations
Upgrade to the versions released on April 28, 2026.
Fix
LPE
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sun Ems Board