Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25086 | 1 Automatedlogic | 1 Webctrl Server | 2026-03-23 | 7.7 High |
| Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software. | ||||
| CVE-2026-32666 | 1 Automatedlogic | 1 Webctrl Server | 2026-03-23 | 7.5 High |
| WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated AutomatedLogic controllers. Spoofed packets may be processed as legitimate. | ||||
| CVE-2026-24060 | 1 Automatedlogic | 1 Webctrl Server | 2026-03-23 | 9.1 Critical |
| Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered. | ||||
| CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2025-04-16 | 5.2 Medium |
| Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. | ||||
Page 1 of 1.