{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40066", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-04-14T15:47:54.264Z", "datePublished": "2026-04-17T19:43:20.709Z", "dateUpdated": "2026-04-17T20:00:36.786Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:43:20.709Z"}, "title": "Anviz Products Download of Code Without Integrity Check", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-494", "description": "CWE-494", "type": "CWE"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX7 Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}, {"vendor": "Anviz", "product": "Anviz CX2 Lite Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution."}]}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."}]}], "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T20:00:10.096399Z", "id": "CVE-2026-40066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:00:36.786Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-17T20:00:10.096399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T20:00:14.706Z"}}], "cna": {"title": "Anviz Products Download of Code Without Integrity Check", "source": {"advisory": "ICSA-26-106-03", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Anviz", "product": "Anviz CX7 Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}, {"vendor": "Anviz", "product": "Anviz CX2 Lite Firmware", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.anviz.com/contact-us.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}], "workarounds": [{"lang": "en", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "supportingMedia": [{"type": "text/html", "value": "Anviz did not respond to CISA's attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution.", "supportingMedia": [{"type": "text/html", "value": "Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-17T19:43:20.709Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40066", "state": "PUBLISHED", "dateUpdated": "2026-04-17T20:00:36.786Z", "dateReserved": "2026-04-14T15:47:54.264Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-04-17T19:43:20.709Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "76C4D6EB-2046-4102-B450-4CF7FF2D2522", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:anviz:cx7:-:*:*:*:*:*:*:*", "matchCriteriaId": "048A5AAF-E261-4EB3-899E-B5DC816C25D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A731810-52F9-4ABC-86DF-DE47AE6DF8C8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:anviz:cx2_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "411BABCF-9FBA-4687-B23C-986A197EC996", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Anviz\u00a0CX2 Lite and CX7\u00a0are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution."}], "id": "CVE-2026-40066", "lastModified": "2026-05-04T14:31:04.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-17T20:16:35.637", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.anviz.com/contact-us.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "anviz_cx2_lite_firmware", "vendor": "anviz"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "anviz_cx7_firmware", "vendor": "anviz"}], "analysis": {"en": {"generated_at": "2026-04-18T19:25:22.681558+00:00", "value": {"mitigation_remediation": ["Disable the firmware update upload functionality or restrict it to authenticated, digitally signed packages only.", "Configure network or device firewall rules to block inbound connections that permit firmware uploads from untrusted sources.", "Contact Anviz immediately to request an official patch or firmware update that implements integrity checks and authentication.", "Once a vendor fix is available, upgrade the firmware to the patched version and verify the integrity of the update package before installation."], "summary": {"action": "Contact Vendor", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products are the Anviz CX2 Lite Firmware and the Anviz CX7 Firmware, as identified by the vendor. No other product versions are listed as vulnerable in the current advisory.", "description_and_impact": "Anviz CX2 Lite and CX7 devices allow any user to upload firmware update packages without verifying integrity, a flaw identified as CWE-494 \u2013 Download of Code Without Integrity Check. The firmware file, once unpacked, automatically executes a script embedded in the package, resulting in unauthenticated remote code execution and giving an attacker full control of the device.", "risk_and_exploitability": "The CVSS score of 8.8 classifies the vulnerability as high severity. EPSS data indicates a very low exploitation probability (< 1\u202f%), and the issue is not listed in the CISA KEV catalog. Because no authentication is required, an attacker can upload a malicious firmware package that the device will unpack and execute, yielding remote code execution and complete device compromise."}}}}, "created": "2026-04-17T20:39:58.935108+00:00", "updated": "2026-04-18T19:30:08.939826+00:00", "vendors": ["anviz", "anviz$PRODUCT$anviz_cx2_lite_firmware", "anviz$PRODUCT$anviz_cx7_firmware"]}