8.8
CVE-2025-0657
- EPSS 0.06%
- Veröffentlicht 27.11.2025 01:15:46
- Zuletzt bearbeitet 01.12.2025 15:39:33
- Quelle productsecurity@carrier.com
- CVE-Watchlists
- Unerledigt
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAutomated Logic
≫
Produkt
WebCtrl
Default Statusunaffected
Version <=
8.5
Version
0
Status
affected
HerstellerAutomated Logic
≫
Produkt
Gen5 Controllers
Default Statusunaffected
Version <=
drv_gen5_108-04-20120
Version
0
Status
affected
HerstellerCarrier
≫
Produkt
i-Vu
Default Statusunaffected
Version <=
8.5
Version
0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.172 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productsecurity@carrier.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-248 Uncaught Exception
An exception is thrown from a function, but it is not caught.