CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/21 12:0 a.m.•2 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability that stems from the lack of network-layer authentication. This vulnerability may allow for the processing of...

7.5CVSS5.8AI score0.00078EPSS

RedhatCVE•added 2026/01/09 11:23 a.m.•4 views

CVE-2021-31682

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to...

6.1CVSS6.2AI score0.4107EPSS

Exploits4References1

CNNVD•added 2025/11/27 12:0 a.m.•1 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu versions 8.5 and earlier, which...

9.2CVSS6.3AI score0.00058EPSS

CISA•added 2025/11/20 12:0 p.m.•4 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...

6.6AI score

Exploits0References6

CNNVD•added 2025/11/19 12:0 a.m.•3 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

5.4CVSS5.9AI score0.00029EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-49547

Malicious code in bioql PyPI...

10CVSS6.3AI score0.01652EPSS

RedhatCVE•added 2025/05/23 6:38 a.m.•6 views

CVE-2024-8526

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...

5.9CVSS6.5AI score0.00083EPSS

Tenable Nessus•added 2025/02/17 12:0 a.m.•11 views

Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)

CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...

10CVSS5.5AI score0.01652EPSS

NVD•added 2024/11/21 4:15 p.m.•5 views

CVE-2024-8525

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

10CVSS0.01652EPSS

NVD•added 2024/11/21 4:15 p.m.•6 views

CVE-2024-8526

5.9CVSS0.00083EPSS

Vulnrichment•added 2024/11/21 3:32 p.m.•14 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

10CVSS7.2AI score0.01652EPSS

CVE•added 2024/11/21 3:32 p.m.•60 views

CVE-2024-8525

CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...

10CVSS6.9AI score0.01652EPSS

Cvelist•added 2024/11/21 3:32 p.m.•16 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

10CVSS0.01652EPSS

Cvelist•added 2024/11/21 3:29 p.m.•18 views

CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect

5.9CVSS0.00083EPSS

CVE•added 2024/11/21 3:29 p.m.•51 views

CVE-2024-8526

CVE-2024-8526 affects Automated Logic WebCTRL 7.0. A authenticated WebCTRL user visiting a specially crafted URL can be redirected to a malicious page via the application’s index.jsp, constituting an Open Redirect (CWE-601). The connected sources describe the vulnerability without providing explo...

5.9CVSS6.3AI score0.00083EPSS

Vulnrichment•added 2024/11/21 3:29 p.m.•12 views

CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect

5.9CVSS6.7AI score0.00083EPSS

CNNVD•added 2024/11/21 12:0 a.m.•1 views

Automated Logic WebCtrl 代码问题漏洞

Automated Logic WebCtrl is a server for Web-based building automation systems from Automated Logic, Inc. A code issue vulnerability exists in Automated Logic WebCtrl version 7.0 that stems from an unrestricted, dangerous type of file upload that could lead to an unauthenticated user executing...

10CVSS7.1AI score0.01652EPSS

Positive Technologies•added 2024/11/21 12:0 a.m.•2 views

PT-2024-39075 · Automated Logic · Automated Logic Webctrl

Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0 Description: The issue allows an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file due to an unrestricted upload of fil...

10CVSS8AI score0.01652EPSS