EUVD-2025-199779

🗓️ 27 Nov 2025 03:30:26Reported by EUVDType

Weakness in Automated Logic and Carrier i-Vu Gen5 driver allows malformed BACnet MS/TP packets, causing fault requiring manual power cycle.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-0657	27 Nov 202501:28	–	circl
CNNVD	Automated Logic WebCtrl和Carrier i-Vu 安全漏洞	27 Nov 202500:00	–	cnnvd
CVE	CVE-2025-0657	27 Nov 202501:00	–	cve
Cvelist	CVE-2025-0657 ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range	27 Nov 202501:00	–	cvelist
NVD	CVE-2025-0657	27 Nov 202501:15	–	nvd
Positive Technologies	PT-2025-48213	27 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-0657	28 Nov 202501:05	–	redhatcve
Vulnrichment	CVE-2025-0657 ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range	27 Nov 202501:00	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "270b39a3-ee84-3e09-9393-24a5ed8d60dc",
        "vendor": {
          "name": "Carrier"
        }
      },
      {
        "id": "d22851b7-df57-3eb3-ac34-93827cd1ab93",
        "vendor": {
          "name": "Automated Logic"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "139a1adc-ca8e-3b32-ae7a-217ef7c36012",
        "product": {
          "name": "i-Vu"
        },
        "product_version": "0 ≤8.5"
      },
      {
        "id": "16a534ee-f90d-353c-88bc-ad0147fe15c0",
        "product": {
          "name": "Gen5 Controllers"
        },
        "product_version": "0 ≤drv_gen5_108-04-20120"
      },
      {
        "id": "93c6e49b-7dea-34d0-a736-ae63263a5682",
        "product": {
          "name": "WebCTRL"
        },
        "product_version": "0 ≤8.5"
      }
    ]
  }
]

Source	Link
corporate	www.corporate.carrier.com/product-security/advisories-resources/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-0657

27 Nov 2025 03:30Current

6.3Medium risk

Vulners AI Score6.3

CVSS 48.8

EPSS0.00025

automated logic carrier vu gen5 bacnet ms tp malformed packets manual power cycle driver version