
193 matches found

ICS
added 2026/03/19 6:0 a.m. | 6 views

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

CVSS 7.7 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 13

RedhatCVE
added 2026/01/23 3:21 p.m. | 7 views

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 1

NVD
added 2026/01/22 1:16 p.m. | 6 views

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | EPSS 0.00158
Exploits: 0 | References: 1

Cvelist
added 2026/01/22 12:52 p.m. | 17 views

CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | EPSS 0.00158
Exploits: 0 | References: 1

CVE
added 2026/01/22 12:52 p.m. | 11 views

CVE-2025-14295

The CVE-2025-14295 entry describes a vulnerability in the WebCTRL (Automated Logic) and Carrier i-Vu products on Windows, focused on Web session management. Affected components: storing passwords in a recoverable format (CWE-257) which could allow an attacker with local access to extract stored p...

CVSS 7 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/22 12:52 p.m. | 4 views

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | AI score 5.4 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2026/01/22 12:52 p.m. | 3 views

CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 1

CNNVD
added 2026/01/22 12:0 a.m. | 5 views

i-Vu and Carrier Automated Logic WebCTRL security vulnerabilities

Carrier i-Vu and Carrier Automated Logic WebCTRL are both products of the American company Carrier. Carrier i-Vu is a building management system platform. Carrier Automated Logic WebCTRL is a building automation system. There are security vulnerabilities in versions 6.0 to 9.0 of Carrier i-Vu and...

CVSS 7 | AI score 5.8 | EPSS 0.00158
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 7 views

PT-2026-3931

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVSS 7 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:23 a.m. | 5 views

CVE-2021-31682

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to...

CVSS 6.1 | AI score 6.2 | EPSS 0.10509
Exploits: 4 | References: 1

RedhatCVE
added 2025/11/28 1:5 a.m. | 9 views

CVE-2024-5540

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVSS 6.9 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 1

EUVD
added 2025/11/27 3:30 a.m. | 7 views

EUVD-2024-55102

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVSS 6.9 | AI score 5.7 | EPSS 0.00272
Exploits: 0 | References: 2

EUVD
added 2025/11/27 3:30 a.m. | 8 views

EUVD-2024-55103

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVSS 9.2 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 2

NVD
added 2025/11/27 1:15 a.m. | 5 views

CVE-2024-5539

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVSS 9.2 | EPSS 0.00287
Exploits: 0 | References: 1

NVD
added 2025/11/27 1:15 a.m. | 9 views

CVE-2024-5540

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVSS 6.9 | EPSS 0.00272
Exploits: 0 | References: 1

CVE
added 2025/11/27 1:2 a.m. | 23 views

CVE-2024-5540

The CVE-2024-5540 entry describes a reflective cross-site scripting (XSS) vulnerability in Automated Logic WebCTRL and Carrier i-Vu prior to version 8.0. The issue arises in the login panel, where input may be reflected and insufficiently escaped, enabling a malicious actor to compromise the clie...

CVSS 6.9 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/27 1:2 a.m. | 3 views

CVE-2024-5540 ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVSS 6.9 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 1

Cvelist
added 2025/11/27 1:2 a.m. | 8 views

CVE-2024-5540 ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVSS 6.9 | EPSS 0.00272
Exploits: 0 | References: 1

CVE
added 2025/11/27 1:2 a.m. | 12 views

CVE-2024-5539

The CVE-2024-5539 entry concerns an Access Control Bypass in Automated Logic WebCTRL and Carrier i-Vu. Affected versions are up to and including 8.5. The vulnerability allows a malicious actor to bypass built‑in access restrictions and expose sensitive information via the web-based building autom...

CVSS 9.2 | AI score 6.1 | EPSS 0.00287
Exploits: 0 | References: 1

Cvelist
added 2025/11/27 1:2 a.m. | 6 views

CVE-2024-5539 ALC WebCTRL Carrier i-Vu Access Control Bypass

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVSS 9.2 | EPSS 0.00287
Exploits: 0 | References: 1