34 matches found
Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability caused by improper port binding, which may allow attackers to bind the same port and send malicious data...
Automated Logic WebCtrl 安全漏洞
Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability that stems from the lack of network-layer authentication. This vulnerability may allow for the processing of...
CVE-2021-31682
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to...
Automated Logic WebCtrl和Carrier i-Vu 安全漏洞
Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu versions 8.5 and earlier, which...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...
Automated Logic WebCtrl和Carrier i-Vu 安全漏洞
Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from not cleaning up...
EUVD-2024-49547
Malicious code in bioql PyPI...
CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...
Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)
CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...
CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...
CVE-2024-8525
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-8525
CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...