{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26342", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-13T17:28:43.054Z", "datePublished": "2026-02-24T18:41:09.935Z", "dateUpdated": "2026-03-05T01:31:07.547Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Smart+", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Tolling+", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Smart+ Speed", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Smart+ Traffic Light", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Axle Counter", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Vega53", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Vega33", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Vega11", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Basic MK2", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "ANPR Mobile", "vendor": "Tattile s.r.l.", "versions": [{"lessThanOrEqual": "1.181.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:iptime:smart_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.181.5"}]}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic of Zero Science Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data."}], "value": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T01:31:07.547Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php"}, {"tags": ["product"], "url": "https://www.tattile.com/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration"}], "source": {"discovery": "EXTERNAL"}, "title": "Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T19:34:16.951778Z", "id": "CVE-2026-26342", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T19:58:40.958Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26342", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T19:34:16.951778Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T19:57:38.964Z"}}], "cna": {"title": "Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tattile s.r.l.", "product": "Smart+", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Tolling+", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Smart+ Speed", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Smart+ Traffic Light", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Axle Counter", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Vega53", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Vega33", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Vega11", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "Basic MK2", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}, {"vendor": "Tattile s.r.l.", "product": "ANPR Mobile", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.181.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php", "tags": ["technical-description", "exploit"]}, {"url": "https://www.tattile.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.", "supportingMedia": [{"type": "text/html", "value": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:iptime:smart_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.181.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T01:31:07.547Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26342", "state": "PUBLISHED", "dateUpdated": "2026-03-05T01:31:07.547Z", "dateReserved": "2026-02-13T17:28:43.054Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-24T18:41:09.935Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:smart\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75DF648A-23A7-4CD7-A7AA-EC4E5041C11A", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:smart\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "B19D09F0-9D90-4D42-8866-351C464B45BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:tolling\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CC79296-730F-40BF-A4CC-CB711452BFCF", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:tolling\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "7085AB6F-B3A7-48B3-996A-DF842B2D7217", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:smart\\+_speed_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FCA661E-7976-4F6A-A79E-FFC3355C4A90", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:smart\\+_speed:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3DE404C-063D-4775-9C8B-972D5C34B128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:smart\\+_traffic_light_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B0F41B-E7F4-4D72-B041-A27AC19EF8BA", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:smart\\+_traffic_light:-:*:*:*:*:*:*:*", "matchCriteriaId": "9648971C-A3ED-4E3C-AC58-EC8E24C1BACD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0360803-0FF4-46FB-913D-FD0724C74139", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:*", "matchCriteriaId": "48535F53-6935-4F1B-B0CA-71721D82B344", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CF177A-3D69-4F47-8028-F83493CF0178", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA18F44D-09EC-462A-AEE1-2734F74D9214", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC4C241F-FF66-480B-8708-FDC1814DE167", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:*", "matchCriteriaId": "88626B12-E13C-4606-81E1-998C74CD6485", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "026FF8B9-AEA6-45FF-8FA9-BE97C20A66E1", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:*", "matchCriteriaId": "918205FF-3BC6-4A38-980A-CE0BF36EE9EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72B5F07C-949A-440F-AB94-46C5AF5F46C3", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A59DD6EA-AE66-4AF6-A2F0-5A84F2F809BB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF40F60E-1D89-4A51-B1AC-0BE34878AD1E", "versionEndIncluding": "1.181.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:*", "matchCriteriaId": "7456A228-07C2-4E9A-98A9-8485F993C281", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data."}], "id": "CVE-2026-26342", "lastModified": "2026-02-27T03:10:51.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-24T20:27:48.310", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.tattile.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "ANPR Mobile", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "anpr_mobile", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Axle Counter", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "axle_counter", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Basic MK2", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "basic_mk2", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Smart+", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "smart+", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Smart+ Speed", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "smart+_speed", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Smart+ Traffic Light", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "smart+_traffic_light", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Tolling+", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "tolling+", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Vega11", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "vega11", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Vega33", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "vega33", "vendor": "tattile"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.181.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Vega53", "source": "cna", "vendor": "Tattile s.r.l."}, "product": "vega53", "vendor": "tattile"}], "analysis": {"en": {"generated_at": "2026-04-16T16:21:08.532377+00:00", "value": {"mitigation_remediation": ["Upgrade the device firmware to version 1.181.6 or later, which introduces proper session token expiration and a revocation mechanism.", "Limit management interface access to a restricted set of trusted IP addresses or subnets using firewall or access control lists.", "Audit and secure storage of authentication tokens and log files to prevent leakage; enforce secure deletion of token materials after logout, and rotate tokens regularly."], "summary": {"action": "Immediate Patch", "impact": "Persistent Unauthorized Access via unused session tokens"}, "threat_synthesis": {"affected_systems": "Affected vendors and products are Tattile s.r.l.\u2019s Smart+, Vega, Basic MK2, ANPR Mobile, Axle Counter, Smart+ Speed, Smart+ Traffic Light, Tolling+, Vega11, Vega33, and Vega53. Firmware versions 1.181.5 and earlier in all these devices are vulnerable.", "description_and_impact": "The vulnerability is an insufficiently short\u2011lived authentication token (X-User-Token) implemented in firmware versions 1.181.5 and earlier of Tattile Smart+, Vega, and Basic device families. A token once issued can be reused until a manual revocation, so an attacker who obtains a valid token\u2014by intercepting traffic, reading logs, or reusing a token on a shared system\u2014can authenticate to the device\u2019s management interface indefinitely. The flaw amounts to a failure to properly enforce session token expiration (CWE\u2011613) and enables sustained unauthorized access to device functions and data.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity with potential impact on confidentiality, integrity, and availability. The EPSS score is reported as less than 1\u202f%, suggesting that exploitation is currently rare but possible. This vulnerability is not listed in the CISA KEV catalog, so no publicly known active exploits have been reported. An attacker would typically need to capture or otherwise acquire a valid token\u2014possible through network sniffing, log file access, or token reuse on a shared machine\u2014and then use that token to continue authenticating to management services. Because the token persists until explicit revocation, the attack can be sustained over an extended period without further interaction, raising the risk to operational continuity."}}}}, "created": "2026-02-25T11:35:46.639287+00:00", "updated": "2026-04-16T16:30:15.929407+00:00", "vendors": ["tattile", "tattile$PRODUCT$anpr_mobile", "tattile$PRODUCT$axle_counter", "tattile$PRODUCT$basic_mk2", "tattile$PRODUCT$smart+", "tattile$PRODUCT$smart+_speed", "tattile$PRODUCT$smart+_traffic_light", "tattile$PRODUCT$tolling+", "tattile$PRODUCT$vega11", "tattile$PRODUCT$vega33", "tattile$PRODUCT$vega53"]}