VYPR

I Vu

by Automated Logic

CVEs (9)

  • CVE-2024-5539CriNov 27, 2025
    risk 0.60cvss epss 0.00

    The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server.

  • CVE-2024-8527HigNov 19, 2025
    risk 0.56cvss epss 0.00

    Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.

  • CVE-2017-9650HigAug 25, 2017
    risk 0.54cvss 7.8epss 0.02

    An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior;…

  • CVE-2017-9644HigAug 25, 2017
    risk 0.49cvss 7.0epss 0.01

    An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL,…

  • CVE-2016-5795HigAug 31, 2017
    risk 0.48cvss 7.3epss 0.02

    An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly…

  • CVE-2025-14295HigJan 22, 2026
    risk 0.46cvss epss 0.00

    Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a…

  • CVE-2024-5540MedNov 27, 2025
    risk 0.45cvss epss 0.00

    The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser .

  • CVE-2017-9640MedAug 25, 2017
    risk 0.45cvss 6.3epss 0.08

    A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web…

  • CVE-2024-8528MedNov 19, 2025
    risk 0.35cvss epss 0.00

    Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.