8.8
CVE-2025-0657
- EPSS 0.28%
- Veröffentlicht 27.11.2025 01:15:46
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle productsecurity@carrier.com
- CVE-Watchlists
- Unerledigt
ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAutomated Logic
≫
Produkt
WebCtrl
Default Statusunaffected
Version <=
8.5
Version
0
Status
affected
HerstellerAutomated Logic
≫
Produkt
Gen5 Controllers
Default Statusunaffected
Version <=
drv_gen5_108-04-20120
Version
0
Status
affected
HerstellerCarrier
≫
Produkt
i-Vu
Default Statusunaffected
Version <=
8.5
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productsecurity@carrier.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-248 Uncaught Exception
An exception is thrown from a function, but it is not caught.
https://www.corporate.carrier.com/product-security/advisories-resources/