Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

8.6CVSS5.7AI score0.00139EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability caused by improper port binding, which may allow attackers to bind the same port and send malicious data...

7.7CVSS5.8AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability that stems from the lack of network-layer authentication. This vulnerability may allow for the processing of...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.6 views

CVE-2021-31682

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to...

6.1CVSS6.2AI score0.10509EPSS
Exploits4References1
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.5 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu versions 8.5 and earlier, which...

9.2CVSS6.3AI score0.00287EPSS
Exploits0References1
CISA
CISA
added 2025/11/20 12:0 p.m.5 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...

6.6AI score
Exploits0References6
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.5 views

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from not cleaning up...

5.4CVSS5.9AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49547

Malicious code in bioql PyPI...

10CVSS6.3AI score0.0143EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.8 views

CVE-2024-8526

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...

5.9CVSS6.5AI score0.0063EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/17 12:0 a.m.15 views

Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)

CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...

10CVSS5.5AI score0.0143EPSS
Exploits0References3
NVD
NVD
added 2024/11/21 4:15 p.m.37 views

CVE-2024-8526

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...

5.9CVSS0.0063EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 4:15 p.m.7 views

CVE-2024-8525

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

10CVSS0.0143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 3:32 p.m.15 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

10CVSS7.2AI score0.0143EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/21 3:32 p.m.18 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

10CVSS0.0143EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 3:32 p.m.64 views

CVE-2024-8525

CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...

10CVSS6.9AI score0.0143EPSS
Exploits0References2
Rows per page
Query Builder