CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

CVE-2024-8525

CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...

CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...

CVE-2024-8526

CVE-2024-8526 affects Automated Logic WebCTRL 7.0. A authenticated WebCTRL user visiting a specially crafted URL can be redirected to a malicious page via the application’s index.jsp, constituting an Open Redirect (CWE-601). The connected sources describe the vulnerability without providing explo...

CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

Automated Logic WebCtrl 代码问题漏洞

Automated Logic WebCtrl is a server for Web-based building automation systems from Automated Logic, Inc. A code issue vulnerability exists in Automated Logic WebCtrl version 7.0 that stems from an unrestricted, dangerous type of file upload that could lead to an unauthenticated user executing...

PT-2024-39076 · Automated Logic · Automated Logic Webctrl

Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0 Description: A vulnerability could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpag...

PT-2024-39075 · Automated Logic · Automated Logic Webctrl

Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0 Description: The issue allows an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file due to an unrestricted upload of fil...

Automated Logic WebCtrl 输入验证错误漏洞

Automated Logic WebCtrl is a server for Web-based building automation systems from Automated Logic, Inc. An input validation error vulnerability exists in Automated Logic WebCtrl version 7.0, which stems from an attacker being able to send a maliciously constructed URL that, when accessed by an...

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unquoted Search Path or Element (CVE-2017-9644)

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5....

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unrestricted Upload of File with Dangerous Type (CVE-2017-9650)

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu,...

Automated Logic Corporation (CVE-2018-8819)

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unquoted Search Path or Element (CVE-2017-9644)

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5....

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unrestricted Upload of File with Dangerous Type (CVE-2017-9650)

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu,...