CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.6CVSS5.7AI score0.00139EPSS

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

Tenable Nessus•added 2 days ago•4 views

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

8.6CVSS5.7AI score0.00139EPSS

Tenable Nessus•added 2 days ago•2 views

Carrier Corporation i-VU Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00262EPSS

9.2CVSS5.9AI score0.00302EPSS

Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00302EPSS

Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)

Tenable Nessus•added 2 days ago•6 views

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00281EPSS

5.4CVSS5.8AI score0.00104EPSS

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

7CVSS5.9AI score0.00158EPSS

Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)

CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...

Fedora•added 2026/04/28 1:0 a.m.•4 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5b-1.fc43

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS

Exploits0

CNNVD•added 2026/04/09 12:0 a.m.•5 views

Contemporary Controls BASControl20 安全漏洞

Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...

9.8CVSS5.9AI score0.00443EPSS

EUVD•added 2026/03/21 12:31 a.m.•4 views

EUVD-2026-13840

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS

Exploits0References4

EUVD•added 2026/03/21 12:31 a.m.•6 views

EUVD-2026-13861

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5CVSS5.8AI score0.00328EPSS

Exploits0References4

NVD•added 2026/03/21 12:16 a.m.•5 views

CVE-2026-32666

7.5CVSS0.00328EPSS

NVD•added 2026/03/21 12:16 a.m.•4 views

CVE-2026-24060

9.1CVSS0.002EPSS

CNNVD•added 2026/03/21 12:0 a.m.•5 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability that stems from the lack of network-layer authentication. This vulnerability may allow for the processing of...

7.5CVSS5.8AI score0.00328EPSS

Cvelist•added 2026/03/20 11:19 p.m.•25 views

CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

9.1CVSS0.002EPSS

Cvelist•added 2026/03/20 11:17 p.m.•26 views

CVE-2026-32666 Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing

7.5CVSS0.00328EPSS