{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32650", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-04-14T15:42:14.116Z", "datePublished": "2026-04-17T19:52:45.308Z", "dateUpdated": "2026-04-17T20:26:17.922Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:52:45.308Z"}, "title": "Anviz CrossChex Standard Algorithm Downgrade", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-757", "description": "CWE-757", "type": "CWE"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CrossChex Standard", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Anviz CrossChex Standard\u00a0is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access."}]}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."}]}], "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T20:26:08.787769Z", "id": "CVE-2026-32650", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:26:17.922Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-17T20:26:08.787769Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:26:11.187Z"}}], "cna": {"title": "Anviz CrossChex Standard Algorithm Downgrade", "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CrossChex Standard", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Anviz CrossChex Standard\u00a0is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.", "supportingMedia": [{"type": "text/html", "value": "Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-757", "description": "CWE-757"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:52:45.308Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32650", "state": "PUBLISHED", "dateUpdated": "2026-04-17T20:26:17.922Z", "dateReserved": "2026-04-14T15:42:14.116Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-04-17T19:52:45.308Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anviz:crosschex_standard:-:*:*:*:*:*:*:*", "matchCriteriaId": "155C659B-9DDA-46B7-9020-0D8741D19926", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Anviz CrossChex Standard\u00a0is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access."}], "id": "CVE-2026-32650", "lastModified": "2026-05-04T14:38:05.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-17T20:16:34.360", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.anviz.com/contact-us.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-757"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Anviz CrossChex Standard", "source": "cna", "vendor": "Anviz"}, "product": "anviz_crosschex_standard", "vendor": "anviz"}], "analysis": {"en": {"generated_at": "2026-04-18T09:03:23.931575+00:00", "value": {"mitigation_remediation": ["Contact Anviz for guidance on disabling the insecure PreLogin modification and any available firmware fix.", "Apply any vendor\u2011supplied firmware or configuration update that enforces encryption during the PreLogin phase to prevent downgrade attacks.", "Restrict network access to the device with firewall rules or IDS signatures that detect and block attempts to alter the PreLogin encryption flag, and monitor for unexpected clear\u2011text credential traffic.", "Verify that the device\u2019s configuration requires encryption by default and that clients cannot override this setting, ensuring compliance with secure algorithm usage."], "summary": {"action": "Contact Vendor", "impact": "Unauthorized database credentials exposure leading to unauthorized database access"}, "threat_synthesis": {"affected_systems": "The affected product is Anviz CrossChex Standard. No specific version information was disclosed, so all deployed units of this model should be considered at risk until further notice.", "description_and_impact": "This vulnerability allows an attacker to manipulate the TDS7 PreLogin negotiation of Anviz CrossChex Standard so that encryption is disabled. As a result, database credentials are transmitted in clear text, enabling the attacker to capture them and gain unauthorized access to the backend database. The weakness is categorized as CWE\u2011757 due to the inappropriate use of algorithmic downgrade.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, but the EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through the device\u2019s network interface that processes TDS7 PreLogin messages; an adversary would need to transmit a crafted packet or intercept traffic to override the encryption setting. Given the lack of publicly available exploits, the immediate risk remains limited, yet the potential for credential theft warrants prompt action."}}}}, "created": "2026-04-18T09:15:15.963632+00:00", "updated": "2026-04-20T14:59:40.850400+00:00", "vendors": ["anviz", "anviz$PRODUCT$anviz_crosschex_standard"]}