Vulnerability-Lookup

CVE-2026-1453 (GCVE-0-2026-1453)

Vulnerability from cvelistv5 – Published: 2026-01-29 19:02 – Updated: 2026-01-29 20:28

Title

Missing Authentication for Critical Function in KiloView Encoder Series

Summary

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Severity

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

icscert

References

2 references

URL	Tags
https://www.cisa.gov/news-events/ics-advisories/i…
https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

10 products

Vendor	Product	Version
KiloView	Encoder Series E1 hardware Version 1.4	Affected: 4.7.2516
KiloView	Encoder Series E1 hardware Version 1.6.20	Affected: 4.7.2511 Affected: 4.8.2523 Affected: 4.8.2611 Affected: 4.6.2400 Affected: 4.7.2512 Affected: 4.8.2561 Affected: 4.8.2554 Affected: 4.3.2029 Affected: 4.8.2555 Affected: 4.6.2408
KiloView	Encoder Series E1-s hardware Version 1.4	Affected: 4.7.2516 Affected: 4.8.2519 Affected: 4.8.2525 Affected: 4.8.2611 Affected: 4.8.2561 Affected: 4.8.2554 Affected: 4.8.2523
KiloView	Encoder Series E2 hardware Version 1.7.20	Affected: 4.8.2611 Affected: 4.8.2561
KiloView	Encoder Series E2 hardware Version 1.8.20	Affected: 4.8.2523 Affected: 4.8.2611 Affected: 4.8.2554
KiloView	Encoder Series G1 hardware Version 1.6.20	Affected: 4.8.2561
KiloView	Encoder Series P1 hardware Version 1.3.20	Affected: 4.8.2633 Affected: 4.8.2608
KiloView	Encoder Series P2 hardware Version 1.8.20	Affected: 4.8.2633
KiloView	Encoder Series RE1 hardware Version 2.0.00	Affected: 4.7.2513
KiloView	Encoder Series RE1 hardware Version 3.0.00	Affected: 4.8.2519 Affected: 4.8.2561 Affected: 4.8.2611 Affected: 4.8.2525

Credits

Muhammad Ammar (0xam225) reported this vulnerability to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1453",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T20:28:37.966375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T20:28:55.866Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series E1 hardware Version 1.4",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2516"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series E1 hardware Version 1.6.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2511"
            },
            {
              "status": "affected",
              "version": "4.8.2523"
            },
            {
              "status": "affected",
              "version": "4.8.2611"
            },
            {
              "status": "affected",
              "version": "4.6.2400"
            },
            {
              "status": "affected",
              "version": "4.7.2512"
            },
            {
              "status": "affected",
              "version": "4.8.2561"
            },
            {
              "status": "affected",
              "version": "4.8.2554"
            },
            {
              "status": "affected",
              "version": "4.3.2029"
            },
            {
              "status": "affected",
              "version": "4.8.2555"
            },
            {
              "status": "affected",
              "version": "4.6.2408"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series E1-s hardware Version 1.4",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2516"
            },
            {
              "status": "affected",
              "version": "4.8.2519"
            },
            {
              "status": "affected",
              "version": "4.8.2525"
            },
            {
              "status": "affected",
              "version": "4.8.2611"
            },
            {
              "status": "affected",
              "version": "4.8.2561"
            },
            {
              "status": "affected",
              "version": "4.8.2554"
            },
            {
              "status": "affected",
              "version": "4.8.2523"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series E2 hardware Version 1.7.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2611"
            },
            {
              "status": "affected",
              "version": "4.8.2561"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series E2 hardware Version 1.8.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2523"
            },
            {
              "status": "affected",
              "version": "4.8.2611"
            },
            {
              "status": "affected",
              "version": "4.8.2554"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series G1 hardware Version 1.6.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2561"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series P1 hardware Version 1.3.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2633"
            },
            {
              "status": "affected",
              "version": "4.8.2608"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series P2 hardware Version 1.8.20",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2633"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series RE1 hardware Version 2.0.00",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2513"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Encoder Series RE1 hardware Version 3.0.00",
          "vendor": "KiloView",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.2519"
            },
            {
              "status": "affected",
              "version": "4.8.2561"
            },
            {
              "status": "affected",
              "version": "4.8.2611"
            },
            {
              "status": "affected",
              "version": "4.8.2525"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Ammar (0xam225) reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.\u003cbr\u003e"
            }
          ],
          "value": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "other": {
            "content": {
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "yes"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CNA",
              "version": "2.0.3"
            },
            "type": "ssvc"
          },
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T19:02:26.431Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authentication for Critical Function in KiloView Encoder Series",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "KiloView has not responded to requests to work with CISA to mitigate \nthis vulnerability. Users of affected versions of KiloView Encoder \nSeries are invited to contact KiloView customer support for additional \ninformation.\n\n\u003cbr\u003e"
            }
          ],
          "value": "KiloView has not responded to requests to work with CISA to mitigate \nthis vulnerability. Users of affected versions of KiloView Encoder \nSeries are invited to contact KiloView customer support for additional \ninformation."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-1453",
    "datePublished": "2026-01-29T19:02:26.431Z",
    "dateReserved": "2026-01-26T19:48:46.732Z",
    "dateUpdated": "2026-01-29T20:28:55.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-1453",
      "date": "2026-05-29",
      "epss": "0.0011",
      "percentile": "0.28972"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-1453\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2026-01-29T19:16:18.987\",\"lastModified\":\"2026-02-04T16:34:21.763\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1453\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T20:28:37.966375Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T20:28:48.081Z\"}}], \"cna\": {\"title\": \"Missing Authentication for Critical Function in KiloView Encoder Series\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Muhammad Ammar (0xam225) reported this vulnerability to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"role\": \"CNA\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\"}}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"KiloView\", \"product\": \"Encoder Series E1 hardware Version 1.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.2516\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series E1 hardware Version 1.6.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.2511\"}, {\"status\": \"affected\", \"version\": \"4.8.2523\"}, {\"status\": \"affected\", \"version\": \"4.8.2611\"}, {\"status\": \"affected\", \"version\": \"4.6.2400\"}, {\"status\": \"affected\", \"version\": \"4.7.2512\"}, {\"status\": \"affected\", \"version\": \"4.8.2561\"}, {\"status\": \"affected\", \"version\": \"4.8.2554\"}, {\"status\": \"affected\", \"version\": \"4.3.2029\"}, {\"status\": \"affected\", \"version\": \"4.8.2555\"}, {\"status\": \"affected\", \"version\": \"4.6.2408\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series E1-s hardware Version 1.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.2516\"}, {\"status\": \"affected\", \"version\": \"4.8.2519\"}, {\"status\": \"affected\", \"version\": \"4.8.2525\"}, {\"status\": \"affected\", \"version\": \"4.8.2611\"}, {\"status\": \"affected\", \"version\": \"4.8.2561\"}, {\"status\": \"affected\", \"version\": \"4.8.2554\"}, {\"status\": \"affected\", \"version\": \"4.8.2523\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series E2 hardware Version 1.7.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2611\"}, {\"status\": \"affected\", \"version\": \"4.8.2561\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series E2 hardware Version 1.8.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2523\"}, {\"status\": \"affected\", \"version\": \"4.8.2611\"}, {\"status\": \"affected\", \"version\": \"4.8.2554\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series G1 hardware Version 1.6.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2561\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series P1 hardware Version 1.3.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2633\"}, {\"status\": \"affected\", \"version\": \"4.8.2608\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series P2 hardware Version 1.8.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2633\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series RE1 hardware Version 2.0.00\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.2513\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"KiloView\", \"product\": \"Encoder Series RE1 hardware Version 3.0.00\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.2519\"}, {\"status\": \"affected\", \"version\": \"4.8.2561\"}, {\"status\": \"affected\", \"version\": \"4.8.2611\"}, {\"status\": \"affected\", \"version\": \"4.8.2525\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"KiloView has not responded to requests to work with CISA to mitigate \\nthis vulnerability. Users of affected versions of KiloView Encoder \\nSeries are invited to contact KiloView customer support for additional \\ninformation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"KiloView has not responded to requests to work with CISA to mitigate \\nthis vulnerability. Users of affected versions of KiloView Encoder \\nSeries are invited to contact KiloView customer support for additional \\ninformation.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-01-29T19:02:26.431Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-1453\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T20:28:55.866Z\", \"dateReserved\": \"2026-01-26T19:48:46.732Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-01-29T19:02:26.431Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-1453

Vulnerability from fkie_nvd - Published: 2026-01-29 19:16 - Updated: 2026-04-15 00:35

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json
	ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ausencia de autenticaci\u00f3n para funci\u00f3n cr\u00edtica en la serie de codificadores KiloView podr\u00eda permitir a un atacante no autenticado crear o eliminar cuentas de administrador. Esta vulnerabilidad puede otorgar al atacante control administrativo total sobre el producto."
    }
  ],
  "id": "CVE-2026-1453",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-29T19:16:18.987",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X5QW-M467-VGQ3

Vulnerability from github – Published: 2026-01-29 21:30 – Updated: 2026-01-29 21:30

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-1453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-29T19:16:18Z",
    "severity": "CRITICAL"
  },
  "details": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.",
  "id": "GHSA-x5qw-m467-vgq3",
  "modified": "2026-01-29T21:30:30Z",
  "published": "2026-01-29T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1453"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

ICSA-26-029-01

Vulnerability from csaf_cisa - Published: 2026-01-29 07:00 - Updated: 2026-02-05 07:00

Summary

KiloView Encoder Series (Update A)

Notes

Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Risk evaluation: Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control.

Critical infrastructure sectors: Communications, Information Technology

Countries/areas deployed: Worldwide

Company headquarters location: China

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices: Do not click web links or open attachments in unsolicited email messages.

Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

CVE-2026-1453

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 10 products

Product	Version	Remediation
KiloView Encoder Series E1 hardware Version 1.4: Software_4.7.2516 KiloView / Encoder Series E1 hardware Version 1.4	Software_4.7.2516	Mitigation Mitigation fix
KiloView Encoder Series E1 hardware Version 1.6.20: 4.7.2511\|4.8.2523\|4.8.2611\|4.6.2400\|4.7.2512\|4.8.2561\|4.8.2554\|4.3.2029\|4.8.2555\|4.6.2408 KiloView / Encoder Series E1 hardware Version 1.6.20	4.7.2511\|4.8.2523\|4.8.2611\|4.6.2400\|4.7.2512\|4.8.2561\|4.8.2554\|4.3.2029\|4.8.2555\|4.6.2408	Mitigation Mitigation fix
KiloView Encoder Series E1-s hardware Version 1.4: 4.7.2516\|4.8.2519\|4.8.2525\|4.8.2611\|4.8.2561\|4.8.2554\|4.8.2523 KiloView / Encoder Series E1-s hardware Version 1.4	4.7.2516\|4.8.2519\|4.8.2525\|4.8.2611\|4.8.2561\|4.8.2554\|4.8.2523	Mitigation Mitigation fix
KiloView Encoder Series E2 hardware Version 1.7.20: 4.8.2611\|4.8.2561 KiloView / Encoder Series E2 hardware Version 1.7.20	4.8.2611\|4.8.2561	Mitigation Mitigation fix
KiloView Encoder Series E2 hardware Version 1.8.20: 4.8.2523\|4.8.2611\|4.8.2554 KiloView / Encoder Series E2 hardware Version 1.8.20	4.8.2523\|4.8.2611\|4.8.2554	Mitigation Mitigation fix
KiloView Encoder Series G1 hardware Version 1.6.20: Software_4.8.2561 KiloView / Encoder Series G1 hardware Version 1.6.20	Software_4.8.2561	Mitigation Mitigation fix
KiloView Encoder Series P1 hardware Version 1.3.20: 4.8.2633\|4.8.2608 KiloView / Encoder Series P1 hardware Version 1.3.20	4.8.2633\|4.8.2608	Mitigation Mitigation fix
KiloView Encoder Series P2 hardware Version 1.8.20: Software_4.8.2633 KiloView / Encoder Series P2 hardware Version 1.8.20	Software_4.8.2633	Mitigation Mitigation fix
KiloView Encoder Series RE1 hardware Version 2.0.00: Software_4.7.2513 KiloView / Encoder Series RE1 hardware Version 2.0.00	Software_4.7.2513	Mitigation Mitigation fix
KiloView Encoder Series RE1 hardware Version 3.0.00: 4.8.2519\|4.8.2561\|4.8.2611\|4.8.2525 KiloView / Encoder Series RE1 hardware Version 3.0.00	4.8.2519\|4.8.2561\|4.8.2611\|4.8.2525	Mitigation Mitigation fix

References

17 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external
https://www.cisa.gov/news-events/ics-alerts/ics-a…	external
https://www.cisa.gov/sites/default/files/recommen…	external
https://www.cisa.gov/news-events/news/targeted-cy…	external
https://www.cisa.gov/secure-our-world/teach-emplo…	external
https://www.cisa.gov/news-events/news/avoiding-so…	external
https://cwe.mitre.org/data/definitions/306.html	external
https://www.cve.org/CVERecord?id=CVE-2026-1453	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external

Acknowledgments

Muhammad Ammar (0xam225)

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Muhammad Ammar (0xam225)"
        ],
        "summary": "reported this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. ",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Communications, Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "China",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-26-029-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-029-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-26-029-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
      }
    ],
    "title": "KiloView Encoder Series (Update A)",
    "tracking": {
      "current_release_date": "2026-02-05T07:00:00.000000Z",
      "generator": {
        "date": "2026-02-04T21:38:37.871883Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-26-029-01",
      "initial_release_date": "2026-01-29T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2026-01-29T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2026-02-05T07:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Affected products are end-of-life"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Software_4.7.2516",
                "product": {
                  "name": "KiloView Encoder Series E1 hardware Version 1.4: Software_4.7.2516",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series E1 hardware Version 1.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.7.2511|4.8.2523|4.8.2611|4.6.2400|4.7.2512|4.8.2561|4.8.2554|4.3.2029|4.8.2555|4.6.2408",
                "product": {
                  "name": "KiloView Encoder Series E1 hardware Version 1.6.20: 4.7.2511|4.8.2523|4.8.2611|4.6.2400|4.7.2512|4.8.2561|4.8.2554|4.3.2029|4.8.2555|4.6.2408",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series E1 hardware Version 1.6.20"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.7.2516|4.8.2519|4.8.2525|4.8.2611|4.8.2561|4.8.2554|4.8.2523",
                "product": {
                  "name": "KiloView Encoder Series E1-s hardware Version 1.4: 4.7.2516|4.8.2519|4.8.2525|4.8.2611|4.8.2561|4.8.2554|4.8.2523",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series E1-s hardware Version 1.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.8.2611|4.8.2561",
                "product": {
                  "name": "KiloView Encoder Series E2 hardware Version 1.7.20: 4.8.2611|4.8.2561",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series E2 hardware Version 1.7.20"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.8.2523|4.8.2611|4.8.2554",
                "product": {
                  "name": "KiloView Encoder Series E2 hardware Version 1.8.20: 4.8.2523|4.8.2611|4.8.2554",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series E2 hardware Version 1.8.20"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Software_4.8.2561",
                "product": {
                  "name": "KiloView Encoder Series G1 hardware Version 1.6.20: Software_4.8.2561",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series G1 hardware Version 1.6.20"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.8.2633|4.8.2608",
                "product": {
                  "name": "KiloView Encoder Series P1 hardware Version 1.3.20: 4.8.2633|4.8.2608",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series P1 hardware Version 1.3.20"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Software_4.8.2633",
                "product": {
                  "name": "KiloView Encoder Series P2 hardware Version 1.8.20: Software_4.8.2633",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series P2 hardware Version 1.8.20"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Software_4.7.2513",
                "product": {
                  "name": "KiloView Encoder Series RE1 hardware Version 2.0.00: Software_4.7.2513",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series RE1 hardware Version 2.0.00"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "4.8.2519|4.8.2561|4.8.2611|4.8.2525",
                "product": {
                  "name": "KiloView Encoder Series RE1 hardware Version 3.0.00: 4.8.2519|4.8.2561|4.8.2611|4.8.2525",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "Encoder Series RE1 hardware Version 3.0.00"
          }
        ],
        "category": "vendor",
        "name": "KiloView"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-1453",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:Y/T:T/M:M/D:T/2026-02-04T07:00:00.000000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/306.html"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1453"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "KiloView states that these specific hardware versions are end-of-life; therefore, no patches will be released due to hardware limitations. KiloView recommends that users implement mitigation measures such as network isolation or upgrade to newer hardware generations.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users of affected versions of KiloView Encoder Series are invited to contact KiloView customer support at https://www.kiloview.com/contact/ for additional information.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ],
          "url": "https://www.kiloview.com/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-1453 (GCVE-0-2026-1453)

FKIE_CVE-2026-1453

GHSA-X5QW-M467-VGQ3

ICSA-26-029-01

Tags

Sightings

Nomenclature