Primary

Context

IDS VibroLine Devices Unauthenticated Configuration Switch Vulnerability via CAN

Vulnerability

Patched

A vulnerability exists in IDS VibroLine devices running version 5.0 Firmware 2.1.1340 to 2.1.1387 on the VLX1, VLX2, VLX4, VLX6, and VLX8 HD 5.0 models. The vulnerability allows an unauthenticated adjacent attacker to disrupt operations by switching between multiple configuration presets via CAN. This issue could interfere with normal device functions, especially if more than one configuration preset is active.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition, disrupting normal operations by improperly switching configuration presets.

Remediation

Users can limit access to the CAN bus to trustworthy devices and remove any unnecessary configuration presets. For devices currently running the vulnerable firmware, an update to version 2.1.1866 or later is recommended.

Added: Feb 2, 2026, 3:21 PM

Updated: Feb 2, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IDS VibroLine Devices Unauthenticated Configuration Switch Vulnerability via CAN

Vulnerability

Impact

Remediation

Affected Products

IDS Innomic VibroLine 5.0 Firmware

IDS Innomic VibroLine Configurator 5.0

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating