193 matches found
EUVD-2026-13844
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
EUVD-2026-13861
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...
CVE-2026-25086
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability caused by improper port binding, which may allow attackers to bind the same port and send malicious data...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability that stems from the lack of network-layer authentication. This vulnerability may allow for the processing of...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability, which stems from the unencrypted transmission of BACnet data packets. This vulnerability could allow...
CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
CVE-2026-24060
This CVE (CVE-2026-24060) concerns Automated Logic WebCTRL Premium Server where BACnet traffic is sent in cleartext, allowing on-wire sniffing/interception and potential modification. The issue exposes sensitive data such as File Start Position and File Data; Wireshark BACnet dissector can reveal...
CVE-2026-32666
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...
CVE-2026-32666 Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...
CVE-2026-32666
CVE-2026-32666 affects WebCTRL systems using BACnet. The vulnerability arises from BACnet’s lack of network-layer authentication and WebCTRL’s absence of additional validation of BACnet traffic, permitting an attacker with network access to spoof BACnet packets directed at the WebCTRL server or A...
CVE-2026-25086 Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
CVE-2026-25086 Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
CVE-2026-25086
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
CVE-2026-25086
CVE-2026-25086 affects Automated Logic WebCTRL Premium Server. Under certain conditions, an attacker could bind to the same port used by WebCTRL, enabling the crafting and sending of malicious packets and impersonation of the WebCTRL service without requiring code injection into WebCTRL. The prov...
PT-2026-26693
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...
PT-2026-26712
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
PT-2026-26701
Name of the Vulnerable Software and Affected Versions WebCTRL affected versions not specified Description WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional...