| CVE-2026-24060 | | 0.00 | — | 0.00 | | Mar 20, 2026 | Service information is not encrypted when transmitted as BACnet packets
over the wire, and can be sniffed, intercepted, and modified by an
attacker. Valuable information such as the File Start Position and File
Data can be sniffed from network traffic using Wireshark's BACnet
dissector filter. The proprietary format used by WebCTRL to receive
updates from the PLC can also be sniffed and reverse engineered. |
| CVE-2026-32666 | | 0.00 | — | 0.00 | | Mar 20, 2026 | WebCTRL systems that communicate over BACnet inherit the protocol's lack
of network layer authentication. WebCTRL does not implement additional
validation of BACnet traffic so an attacker with network access could
spoof BACnet packets directed at either the WebCTRL server or associated
AutomatedLogic controllers. Spoofed packets may be processed as
legitimate. |
| CVE-2026-25086 | | 0.00 | — | 0.00 | | Mar 20, 2026 | Under certain conditions, an attacker could bind to the same port used
by WebCTRL. This could allow the attacker to craft and send malicious
packets and impersonate the WebCTRL service without requiring code
injection into the WebCTRL software. |
