Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability, which stems from the unencrypted transmission of BACnet data packets. This vulnerability could allow...

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

CVE-2025-14295

The CVE-2025-14295 entry describes a vulnerability in the WebCTRL (Automated Logic) and Carrier i-Vu products on Windows, focused on Web session management. Affected components: storing passwords in a recoverable format (CWE-257) which could allow an attacker with local access to extract stored p...

PT-2026-3931

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability CWE-257 in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...

EUVD-2024-55098

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

CVE-2024-8528 ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

Carrier Corporation i-VU URL Redirection to Untrusted Site (CVE-2024-8526)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists which could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, results in the redirection of the user to a malicious webpage via 'index.jsp' This plugin only works...

ALC WebCTRL XML External Entity Injection Vulnerability

ALC WebCTRL is a building automation control system from Automated Logic Corporation ALC. An XML external entity injection vulnerability exists in ALC WebCTRL. The vulnerability can be exploited to disclose the contents of a file on the underlying web server operating system via the 'X-Wap-Profil...

ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability

ALC WebCTRL is the building automation platform. A security vulnerability exists in ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior versions that allows an authenticated user to overwrite files used to execute code...