9.1

CVE-2026-24060

Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

Service information is not encrypted when transmitted as BACnet packets 
over the wire, and can be sniffed, intercepted, and modified by an 
attacker. Valuable information such as the File Start Position and File 
Data can be sniffed from network traffic using Wireshark's BACnet 
dissector filter. The proprietary format used by WebCTRL to receive 
updates from the PLC can also be sniffed and reverse engineered.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Automated Logic
Product: WebCTRL Premium Server
Default Status: unaffected
Version: 0
Version < v8.5
Status: affected

No warning was found for this CVE.

EPSS Metrics
Type: EPSS
Source: FIRST.org
Score: 0.2%
Percentile: 0.098

CVSS Metrics
Source: ics-cert@hq.dhs.gov
Base Score: 9.1
Exploit Score: 3.9
Impact Score: 5.2
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json
https://www.automatedlogic.com/en/company/security-commitment/