Lucene search
K

193 matches found

Vulnrichment
Vulnrichment
added 2025/11/27 1:0 a.m.3 views

CVE-2025-0657 ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

8.8CVSS6.5AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2025/11/27 1:0 a.m.21 views

CVE-2025-0657

CVE-2025-0657 describes a vulnerability affecting Automated Logic WebCTRL and Carrier i-Vu Gen5 controllers. The issue arises in BACnet MS/TP communication, where malformed packets can be sent to the device, leading to a fault state that requires a manual power cycle to restore network visibility...

8.8CVSS6.5AI score0.00291EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.7 views

PT-2025-48212

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

6.9CVSS6.2AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.9 views

PT-2025-48211

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

9.2CVSS6.4AI score0.00287EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.5 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu versions 8.5 and earlier, which...

9.2CVSS6.3AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.3 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for Web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from a BACnet MS/TP...

8.8CVSS6.7AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.7 views

CVE-2024-8528

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS6.3AI score0.00104EPSS
Exploits0References1
CISA
CISA
added 2025/11/20 12:0 p.m.5 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...

6.6AI score
Exploits0References6
EUVD
EUVD
added 2025/11/19 3:31 p.m.3 views

EUVD-2024-55098

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS6.4AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/19 3:31 p.m.5 views

EUVD-2024-55097

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References2
NVD
NVD
added 2025/11/19 2:15 p.m.8 views

CVE-2024-8528

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS0.00104EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 2:15 p.m.5 views

CVE-2024-8527

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/11/19 1:18 p.m.11 views

CVE-2024-8528

CVE-2024-8528 concerns reflected XSS in Automated Logic WebCTRL and Carrier i-Vu. The Red Hat/CISA-enriched and CVE records converge on a vulnerability where a specific GET parameter (not sanitized) allows an attacker to deliver a malicious payload via a crafted URL, targeting a user’s browser. A...

5.4CVSS5.9AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/19 1:18 p.m.3 views

CVE-2024-8528 ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS5.9AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 1:18 p.m.18 views

CVE-2024-8528 ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 1:17 p.m.8 views

CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/19 1:17 p.m.5 views

CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS6.5AI score0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.5 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from not cleaning up...

5.4CVSS5.9AI score0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47455

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

5.4CVSS6.3AI score0.00104EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47454

Name of the Vulnerable Software and Affected Versions Automated Logic WebCTRL and Carrier i-Vu versions 6.0 through 9.0 Description An open redirect exists due to a flaw in a URL parameter. This could allow attackers to exploit user sessions. Recommendations Versions 6.0 through 9.0 should be...

8.6CVSS6.2AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder