VYPR

Webctrl Premium Server

by Automated Logic

CVEs (4)

  • CVE-2026-24060Mar 20, 2026
    risk 0.00cvss epss 0.00

    Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet…

  • CVE-2026-32666Mar 20, 2026
    risk 0.00cvss epss 0.00

    WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or…

  • CVE-2026-25086Mar 20, 2026
    risk 0.00cvss epss 0.00

    Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.

  • CVE-2022-1019Apr 19, 2022
    risk 0.00cvss epss 0.01

    Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.