CVE-2019-10851
Description
Computrols CBAS 18.0.0 has hard-coded encryption keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Computrols CBAS 18.0.0 contains hard-coded encryption keys, enabling attackers to decrypt sensitive communications.
Vulnerability
Computrols CBAS version 18.0.0 uses hard-coded encryption keys [1][2]. The keys are embedded in the software, which allows anyone with access to the binary or source to discover them. This affects the building automation system's communication security.
Exploitation
An attacker who gains access to the software binary can extract the hard-coded encryption keys [1][2]. No authentication or user interaction is required to discover the keys from the software. The attacker can then use the keys to decrypt captured network traffic or communicate with the system.
Impact
Successful exploitation allows an attacker to decrypt sensitive data transmitted between CBAS components, potentially compromising confidentiality of building control commands and sensor data. This could lead to unauthorized access or manipulation of the building automation system.
Mitigation
As of the available references, no patch or workaround has been publicly disclosed for CVE-2019-10851 [1][2]. Users should monitor vendor advisories and consider network segmentation or encryption at the transport layer as interim measures.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Computrols/CBASdescription
- Range: = 18.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- applied-risk.com/index.php/download_file/view/196/165mitrex_refsource_MISC
- applied-risk.com/labs/advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.