Unrated severityNVD Advisory· Published Mar 20, 2026· Updated Mar 23, 2026
Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
CVE-2026-24060
Description
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.