95 matches found
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Automated Logic WebCTRL Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Carrier Corporation i-VU Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
CVE-2025-14295
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...
CVE-2025-14295
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...
CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...
CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...