Summary
Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications.
The following versions of Automated Logic WebCTRL Premium Server are affected:
- WebCTRL Premium Server
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.1 | Automated Logic | Automated Logic WebCTRL Premium Server | Multiple Binds to the Same Port, Authentication Bypass by Spoofing, Cleartext Transmission of Sensitive Information |
Background
- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2026-25086
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.
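An added illustration of the socket pattern behind CWE-605 (not code from the advisory or from Automated Logic): a UDP listener opened with SO_REUSEADDR can be joined by a second socket on the same port, while a listener bound without that option (or with SO_EXCLUSIVEADDRUSE on Windows) rejects the second bind with EADDRINUSE. The loopback port is ephemeral and constructed for the demo, and the "weak" result assumes Linux socket semantics.

```python
import errno
import socket


def _udp_listener(port: int, allow_reuse: bool) -> socket.socket:
    """Bind a UDP listener on loopback.

    allow_reuse=True reproduces the weak pattern: SO_REUSEADDR lets another
    socket bind the same port. allow_reuse=False is the hardened form; on
    Windows it additionally sets SO_EXCLUSIVEADDRUSE (constant only exists there).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if allow_reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    elif hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
        s.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
    s.bind(("127.0.0.1", port))
    return s


def second_bind_succeeds(allow_reuse: bool) -> bool:
    """Open a listener, then try to bind a second socket to the same port
    with the same option. Returns True when the port can be shared."""
    first = _udp_listener(0, allow_reuse)  # port 0 -> ephemeral port
    port = first.getsockname()[1]
    try:
        second = _udp_listener(port, allow_reuse)
    except OSError as exc:
        if exc.errno != errno.EADDRINUSE:
            raise
        return False
    else:
        second.close()
        return True
    finally:
        first.close()


def listener_is_exclusive(sock: socket.socket) -> bool:
    """Configuration check for an existing listener: True when SO_REUSEADDR is off."""
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 0


if __name__ == "__main__":
    print("weak listener shareable:", second_bind_succeeds(True))       # True on Linux
    print("hardened listener shareable:", second_bind_succeeds(False))  # False
```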
Affected Products
- Automated Logic WebCTRL Premium Server (vendor: Automated Logic): versions earlier than v8.5 (status: known_affected)
Remediations
Mitigation
Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC.
Mitigation
For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available at: https://www.automatedlogic.com/en/company/security-commitment/.
Relevant CWE: CWE-605 Multiple Binds to the Same Port
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
CVE-2026-32666
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network-layer authentication. WebCTRL does not implement additional validation of BACnet traffic, so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated Automated Logic controllers. Spoofed packets may be processed as legitimate.
Affected Products
- Automated Logic WebCTRL Premium Server (vendor: Automated Logic): versions earlier than v8.5 (status: known_affected)
Remediations
Mitigation
Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support si
[…]