CVE-2024-5540 ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

CVE-2024-5540

The CVE-2024-5540 entry describes a reflective cross-site scripting (XSS) vulnerability in Automated Logic WebCTRL and Carrier i-Vu prior to version 8.0. The issue arises in the login panel, where input may be reflected and insufficiently escaped, enabling a malicious actor to compromise the clie...

CVE-2024-5539

The CVE-2024-5539 entry concerns an Access Control Bypass in Automated Logic WebCTRL and Carrier i-Vu. Affected versions are up to and including 8.5. The vulnerability allows a malicious actor to bypass built‑in access restrictions and expose sensitive information via the web-based building autom...

CVE-2024-5539 ALC WebCTRL Carrier i-Vu Access Control Bypass

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVE-2025-0657

CVE-2025-0657 describes a vulnerability affecting Automated Logic WebCTRL and Carrier i-Vu Gen5 controllers. The issue arises in BACnet MS/TP communication, where malformed packets can be sent to the device, leading to a fault state that requires a manual power cycle to restore network visibility...

CVE-2025-0657 ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for Web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu that stems from a BACnet MS/TP...

PT-2025-48212

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser...

Automated Logic WebCtrl和Carrier i-Vu 安全漏洞

Automated Logic WebCtrl is a server for web-based building automation systems from Automated Logic, Inc. and Carrier i-Vu is a building management system platform from Carrier Corporation. A security vulnerability exists in Automated Logic WebCtrl and Carrier i-Vu versions 8.5 and earlier, which...

PT-2025-48211

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server...

CVE-2024-8528

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...

EUVD-2024-55098

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

EUVD-2024-55097

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

CVE-2024-8528

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

CVE-2024-8527

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

CVE-2024-8528

CVE-2024-8528 concerns reflected XSS in Automated Logic WebCTRL and Carrier i-Vu. The Red Hat/CISA-enriched and CVE records converge on a vulnerability where a specific GET parameter (not sanitized) allows an attacker to deliver a malicious payload via a crafted URL, targeting a user’s browser. A...

CVE-2024-8528 ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

CVE-2024-8528 ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized...

CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...