top of page
perceptive_background_267k.jpg

Carlson Software VASCO-B GNSS Receiver

Published:

23 April 2026 at 12:00:00

Alert date:

23 April 2026 at 17:04:31

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Mobile & IoT

Critical vulnerability CVE-2026-3893 affects Carlson Software VASCO-B GNSS Receiver versions below 1.4.0. The device lacks authentication mechanisms, allowing remote attackers with network access to directly modify configuration and operational functions without credentials. This missing authentication for critical functions has a CVSS score of 9.4 (Critical). The vulnerability affects critical manufacturing infrastructure worldwide. Carlson Software recommends updating to version 1.4.0 or greater to address this issue. No known public exploitation has been reported to CISA at this time.

Technical details

Mitigation steps:

Affected products:

Carlson Software VASCO-B GNSS Receiver

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-02
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json
https://www.cve.org/CVERecord?id=CVE-2026-3893
https://www.carlsonsw.com/support-and-training/
https://cwe.mitre.org/data/definitions/306.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page