Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.
AnalysisAI
Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.
Technical ContextAI
Root cause is inadequate session management allowing credential replay attacks (CWE-807). Authentication tokens transmitted over the network lack cryptographic binding or replay protection mechanisms, permitting passive network interception followed by credential reuse. CVSS:4.0 vector confirms unauthenticated network attack (PR:N, AV:N) with no complexity barriers (AC:L, AT:N), yielding high impact across all CIA dimensions for vulnerable component.
RemediationAI
No vendor-released patch identified at time of analysis. Contact Contemporary Controls technical support directly via https://www.ccontrols.com/support/contacttech.htm for remediation guidance specific to BASControl20 3.1 deployments. Until patches are available, implement network segmentation to isolate BASControl20 devices from untrusted networks, deploy encrypted communication channels (VPN/TLS) to prevent credential interception, and restrict network access to the controller using firewall rules permitting only authenticated administrative hosts. Monitor CISA advisory ICSA-26-099-01 for updates: https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01. Consider disabling remote access features if operationally feasible until vendor provides cryptographically secure session management.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209395