CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295

The CVE-2025-14295 entry describes a vulnerability in the WebCTRL (Automated Logic) and Carrier i-Vu products on Windows, focused on Web session management. Affected components: storing passwords in a recoverable format (CWE-257) which could allow an attacker with local access to extract stored p...

CVE-2025-14295 Automated Logic WebCTRL and Carrier i-Vu Session Fixation

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

i-Vu and Carrier Automated Logic WebCTRL security vulnerabilities

Carrier i-Vu and Carrier Automated Logic WebCTRL are both products of the American company Carrier. Carrier i-Vu is a building management system platform. Carrier Automated Logic WebCTRL is a building automation system. There are security vulnerabilities in versions 6.0 to 9.0 of Carrier i-Vu and...

PT-2026-3931

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-0657

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

CVE-2024-5539

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

EUVD-2024-55102

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

EUVD-2024-55103

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVE-2024-5540

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVE-2024-5539

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVE-2024-5540 ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVE-2024-5540 ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVE-2024-5540

The CVE-2024-5540 entry describes a reflective cross-site scripting (XSS) vulnerability in Automated Logic WebCTRL and Carrier i-Vu prior to version 8.0. The issue arises in the login panel, where input may be reflected and insufficiently escaped, enabling a malicious actor to compromise the clie...

CVE-2024-5539 ALC WebCTRL Carrier i-Vu Access Control Bypass

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVE-2024-5539

The CVE-2024-5539 entry concerns an Access Control Bypass in Automated Logic WebCTRL and Carrier i-Vu. Affected versions are up to and including 8.5. The vulnerability allows a malicious actor to bypass built‑in access restrictions and expose sensitive information via the web-based building autom...

CVE-2025-0657

CVE-2025-0657 describes a vulnerability affecting Automated Logic WebCTRL and Carrier i-Vu Gen5 controllers. The issue arises in BACnet MS/TP communication, where malformed packets can be sent to the device, leading to a fault state that requires a manual power cycle to restore network visibility...