Vulnerabilities · HIGH

Automated Logic WebCTRL Premium Server - Critical Vulnerabilities Found

🎯 In short: the software that controls buildings has serious security holes, and the only real fix is an upgrade.

Quick Summary

Automated Logic's WebCTRL Premium Server, in versions prior to v8.5, has critical vulnerabilities that could let an attacker with access to the building network read, intercept or modify its communications. Users are urged to upgrade to a supported version and to lock down BACnet traffic in the meantime. Don't wait until it's too late!

The Flaw

Automated Logic's WebCTRL Premium Server has been found to have several vulnerabilities that could be exploited by attackers. The flaws are multiple binds to the same port (CWE-605), authentication bypass by spoofing (CWE-290), and cleartext transmission of sensitive information (CWE-319). If exploited, they could allow unauthorized users on the network to read, intercept, or modify communications between the server and the building controllers it manages.

The vulnerabilities affect versions of the WebCTRL Premium Server prior to v8.5. None of them requires an attacker to run code on the server: they are weaknesses in how the server exposes and authenticates its BACnet/IP communications, so an attacker who can reach that network can act on them with ordinary protocol traffic. The reported CVSS scores range from 7.5 to 9.1, spanning high and critical severity.

What's at Risk

The risks are significant. Automated Logic's WebCTRL system is widely used in commercial facilities for building automation and control. An attacker on the building network could disrupt operations, read sensitive data, or send commands that change how building systems behave, with real safety and operational consequences.

The root of the problem is the BACnet/IP protocol the server uses to talk to controllers, which has no network-layer authentication: nothing in a BACnet/IP datagram proves who sent it. Any host that can reach the BACnet network (UDP port 47808 by default) can therefore forge requests that appear to come from the server or from a legitimate controller, and because the traffic is cleartext, the same host can read or alter whatever passes by. For organizations relying on this technology, the integrity of their control data rests entirely on who can reach that network.
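What the spoofing and cleartext problems look like on the wire, and the compensating check a network defender can run while waiting for the upgrade, as an added example that is not part of the CISA advisory or of Automated Logic's software. It parses the BACnet/IP BVLC, NPDU and APDU headers of captured UDP datagrams and flags anything segmentation and source filtering should prevent: BACnet/IP entering or leaving the building-automation segment, state-changing requests (writeProperty, reinitializeDevice, deviceCommunicationControl) from hosts other than the WebCTRL server, and I-Am announcements from devices not in the inventory. The addresses, allowlists, segment and sample packets are constructed for the example; the field layouts follow the BACnet standard. Because the protocol carries no sender identity, the IP source address is the only thing available to check, which is exactly why this is a compensating control rather than a fix.

```python
"""Audit captured BACnet/IP datagrams for the weaknesses described above.

Added example for this summary, not code from CISA or Automated Logic.
Addresses, allowlists, segment and packets are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BACNET_IP_PORT = 47808          # 0xBAC0, default BACnet/IP UDP port; everything on it is cleartext
BVLC_TYPE_BACNET_IP = 0x81
BVLC_ORIGINAL_UNICAST = 0x0A
BVLC_ORIGINAL_BROADCAST = 0x0B
APDU_CONFIRMED_REQUEST = 0x0    # PDU type is the high nibble of the first APDU octet
APDU_UNCONFIRMED_REQUEST = 0x1
I_AM = 0x00                     # unconfirmed service choices
WHO_IS = 0x08
# Confirmed service choices that change device state
STATE_CHANGING = {0x0F: "writeProperty", 0x11: "deviceCommunicationControl", 0x14: "reinitializeDevice"}


@dataclass
class Datagram:
    src: str
    dst: str
    dst_port: int
    payload: bytes


def parse_bacnet_ip(payload: bytes):
    """Return (bvlc_function, apdu_type, service_choice) or None if not a BACnet/IP APDU.

    Note what is missing from every field parsed here: nothing identifies or
    authenticates the sender. The IP source address is all a receiver gets.
    """
    if len(payload) < 6 or payload[0] != BVLC_TYPE_BACNET_IP:
        return None
    bvlc_function = payload[1]
    if struct.unpack("!H", payload[2:4])[0] != len(payload):   # BVLC length covers the whole datagram
        return None
    npdu = payload[4:]
    if npdu[0] != 0x01 or npdu[1] & 0x80:   # not NPDU version 1, or a network-layer message with no APDU
        return None
    control, i = npdu[1], 2
    if control & 0x20:                        # DNET (2) + DLEN (1) + DADR (DLEN)
        i += 3 + npdu[i + 2]
    if control & 0x08:                        # SNET (2) + SLEN (1) + SADR (SLEN)
        i += 3 + npdu[i + 2]
    if control & 0x20:                        # hop count follows when DNET is present
        i += 1
    apdu = npdu[i:]
    if len(apdu) < 2:
        return None
    apdu_type = apdu[0] >> 4
    if apdu_type == APDU_CONFIRMED_REQUEST:
        # octets: flags, max-segments/max-APDU, invoke ID, [sequence, window if segmented], service choice
        idx = 5 if apdu[0] & 0x08 else 3
        service = apdu[idx] if len(apdu) > idx else None
    elif apdu_type == APDU_UNCONFIRMED_REQUEST:
        service = apdu[1]
    else:
        service = None
    return bvlc_function, apdu_type, service


def audit(datagrams, trusted_sources, known_devices, bas_segment):
    """Flag BACnet/IP traffic that segmentation and source filtering should never allow.

    trusted_sources: hosts allowed to issue state-changing requests (the WebCTRL server).
    known_devices:   inventoried controllers allowed to announce themselves with I-Am.
    bas_segment:     the network that BACnet/IP must neither leave nor enter.
    """
    findings, segment = [], ip_network(bas_segment)
    for d in datagrams:
        if d.dst_port != BACNET_IP_PORT:
            continue
        parsed = parse_bacnet_ip(d.payload)
        if parsed is None:
            continue
        _, apdu_type, service = parsed
        if ip_address(d.src) not in segment:      # cleartext BACnet crossing the segment boundary (CWE-319 exposure)
            findings.append((d.src, "bacnet_ip_from_outside_bas_segment"))
        if apdu_type == APDU_CONFIRMED_REQUEST and service in STATE_CHANGING and d.src not in trusted_sources:
            findings.append((d.src, f"untrusted_{STATE_CHANGING[service]}"))   # spoofable command (CWE-290)
        if apdu_type == APDU_UNCONFIRMED_REQUEST and service == I_AM and d.src not in known_devices:
            findings.append((d.src, "unknown_device_i_am"))                    # rogue or unexpected device
    return findings


def bvlc(function: int, npdu_and_apdu: bytes) -> bytes:
    """Wrap an NPDU+APDU in a BVLC header carrying the correct total length."""
    return bytes([BVLC_TYPE_BACNET_IP, function]) + struct.pack("!H", 4 + len(npdu_and_apdu)) + npdu_and_apdu


# Constructed sample traffic on the hypothetical BAS segment 10.20.0.0/24.
NPDU_PLAIN = bytes.fromhex("0100")   # version 1, no routing info, no reply expected
NPDU_REPLY = bytes.fromhex("0104")   # version 1, expecting reply (used by confirmed requests)
SAMPLE_TRAFFIC = [
    # Who-Is broadcast from the WebCTRL server: normal discovery.
    Datagram("10.20.0.5", "10.20.0.255", BACNET_IP_PORT, bvlc(BVLC_ORIGINAL_BROADCAST, NPDU_PLAIN + bytes.fromhex("1008"))),
    # writeProperty of analog-output 1 present-value to 20.0 at priority 8, from an unvetted workstation.
    Datagram("10.20.0.77", "10.20.0.10", BACNET_IP_PORT, bvlc(BVLC_ORIGINAL_UNICAST,
             NPDU_REPLY + bytes.fromhex("0005010f" "0c00400001" "1955" "3e4441a000003f" "4908"))),
    # I-Am from device instance 100, which is not in the inventory.
    Datagram("10.20.0.200", "10.20.0.255", BACNET_IP_PORT, bvlc(BVLC_ORIGINAL_BROADCAST,
             NPDU_PLAIN + bytes.fromhex("1000" "c402000064" "2205c4" "9103" "210c"))),
    # readProperty of device 100 object-name from the office network: cleartext BACnet crossing the boundary.
    Datagram("192.168.50.9", "10.20.0.10", BACNET_IP_PORT, bvlc(BVLC_ORIGINAL_UNICAST,
             NPDU_REPLY + bytes.fromhex("0005020c" "0c02000064" "194d"))),
]
TRUSTED_SOURCES = {"10.20.0.5"}
KNOWN_DEVICES = {"10.20.0.10", "10.20.0.11"}
BAS_SEGMENT = "10.20.0.0/24"

if __name__ == "__main__":
    for src, what in audit(SAMPLE_TRAFFIC, TRUSTED_SOURCES, KNOWN_DEVICES, BAS_SEGMENT):
        print(f"{src:<14} {what}")
```

Run as-is and it reports the three suspicious datagrams and stays silent on the server's own Who-Is. BACnet/SC traffic would never appear here: it runs over TLS on TCP, so this parser sees nothing, which is the point of the upgrade.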

Patch Status

Automated Logic has acknowledged these vulnerabilities and recommends upgrading to the latest version of the WebCTRL server application, which adds support for BACnet Secure Connect (BACnet/SC). BACnet/SC carries BACnet over TLS with certificate-based mutual authentication, so both ends of a connection are verified and the traffic is encrypted, closing the spoofing and cleartext gaps for devices that speak it. Controllers and routers that only speak classic BACnet/IP still exchange cleartext until they are upgraded or placed behind a BACnet/SC-capable router, so the server upgrade is the starting point rather than the whole fix.

For those on versions prior to v8.5, Automated Logic notes that WebCTRL 7 has reached end of life and is no longer supported, so no patch is coming for it. Until they are on a supported version, users should follow the vendor's secure configuration guidance and apply network segmentation and access control so that only the server and its controllers can reach the BACnet network.

Immediate Actions

Organizations using the Automated Logic WebCTRL Premium Server should take immediate action to protect their systems. This includes:

  • Upgrading to the latest supported version of WebCTRL (v8.5 or later).
  • Enabling BACnet Secure Connect for communications with every controller and router that supports it.
  • Following Automated Logic's guidance on network segmentation and access control, so that BACnet/IP traffic is confined to the building-automation segment and only the server can issue commands.

Organizations should also assess how much of their operation depends on these systems and what an attacker on the building network could change. Monitoring the BACnet segment for unexpected source addresses, unknown devices announcing themselves, and write or reinitialize requests from hosts other than the server gives early warning of exploitation attempts, and keeping security procedures current helps contain them.

🔒 Pro insight: Because BACnet/IP has no network-layer authentication, segmentation and strict source filtering are all that stand between an attacker on the network and the controllers until BACnet/SC is in place. Organizations that delay the upgrade should treat the BACnet segment as a sensitive zone, not an ordinary part of the LAN.

Original article from

CISA Advisories · CISA
