CVE-2026-8072 PUBLISHED

Insecure generation of SAT access credentials in Ingecon EMS Board

Assigner: INCIBE
Reserved: 07.05.2026 Published: 12.05.2026 Updated: 12.05.2026

Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.2

Product Status

Vendor Ingeteam
Product Ingecon Sun EMS Board
Versions Default: unaffected
  • affected from 0 to AAX1055CT (incl.)
  • affected from 0 to ABU1001_P (incl.)
  • affected from 0 to ACL1201_B (incl.)
  • affected from 0 to ACL1200AL (incl.)
  • affected from 0 to ABH1027_K (incl.)
  • affected from 0 to ABH1007_Z (incl.)
  • affected from 0 to ABS1009_L (incl.)
  • affected from 0 to ABS1005_T (incl.)
  • affected from 0 to ACB1005_A (incl.)
  • affected from 0 to AAX1031CN (incl.)
  • Version AAX1055CU is unaffected
  • Version ABU1001_Q is unaffected
  • Version ACL1201_C is unaffected
  • Version ACL1200AM is unaffected
  • Version ABH1027_L is unaffected
  • Version ABH1007AA is unaffected
  • Version ABS1009_P is unaffected
  • Version ABS1005_U is unaffected
  • Version ACB1005_C is unaffected
  • Version AAX1031CO is unaffected

Solutions

The risk has been mitigated with the release of a patch applicable to all versions, developed in December 2025. It is recommended that users update to the newer versions.

Credits

  • Rubén Santamarta finder

References

Problem Types

  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE