12 matches found
CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-32666 Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...
PT-2026-26701
Name of the Vulnerable Software and Affected Versions: WebCTRL affected versions not specified Description: WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional...
CVE-2025-0658
A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet can leave it permanently unresponsive until a manual power cycle is performed...
CVE-2025-0657
A weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380 allows malformed packets to be sent through a BACnet MS/TP network, causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
CVE-2025-0658
The CVE-2025-0658 entry concerns Automated Logic and Carrier’s Zone Controller devices exposed to BACnet protocol. The vulnerability leads to a crash and a fault state; after a reset, a second BACnet packet can render the device permanently unresponsive until a manual power cycle. Documents consi...
Siemens APOGEE PXC and TALON TC Series Expected Behavior Violation (CVE-2025-40555)
Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted...
PT-2023-31891 · Unknown · Bacnet Stack
Name of the Vulnerable Software and Affected Versions: BACnet Stack versions prior to 1.3.2 Description: The issue is related to a decode function APDU buffer over-read in the bacapp decode application data function in bacapp.c. This over-read occurs in versions of the BACnet Stack before 1.3.2...
CVE-2023-38405
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash...
RLE Wi-MGR/FDS-Wi Web Server Cross-Site Scripting Vulnerability
RLE Wi-MGR/FDS-Wi is a wireless monitoring device that includes a web server. A cross-site scripting vulnerability exists in the web server of the RLE Wi-MGR/FDS-Wi version 6.2. A remote attacker can exploit this vulnerability to inject malicious JavaScript code via the device's BACne...
A vulnerability in SAUTER moduWeb Vision, a web server for visualizing BACnet/IP network controllers, allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...
A vulnerability in SAUTER moduWeb Vision, a web server for visualizing BACnet/IP network controllers, allows an intruder to obtain confidential information.
The vulnerability of the BACnet/IP network controller visualization web server, SAUTER moduWeb Vision, is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to obtain confidential information by listening to network traffic...