CVE-2025-0657

CVE-2025-0657 describes a vulnerability affecting Automated Logic WebCTRL and Carrier i-Vu Gen5 controllers. The issue arises in BACnet MS/TP communication, where malformed packets can be sent to the device, leading to a fault state that requires a manual power cycle to restore network visibility...

EUVD-2025-14682

Malicious code in bioql PyPI...

PT-2025-20863 · Unknown · Apogee Pxc+Talon Tc Series

Name of the Vulnerable Software and Affected Versions: APOGEE PXC+TALON TC Series BACnet All versions Description: A vulnerability has been identified that could allow an attacker residing in the same BACnet network to send a specially crafted message, resulting in a partial denial of service...

PT-2025-20851 · Unknown · Ms/Tp Point Pickup Module

Name of the Vulnerable Software and Affected Versions: MS/TP Point Pickup Module All versions Description: A vulnerability has been identified where affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send ...

Climatix POL909 跨站脚本漏洞

Siemens Climatix AWB Advanced Web and BACnet Module, POL909 enables users of the Climatix 600 solution to connect to a BACnet IP network and implement and load customer web pages and features. Siemens Climatix AWM Advanced Web Module, POL909 enables users of the Climatix 600 solution to implement...