
Webctrl Premium Server CVE-2026-24060

EUVD EUVD-2026-13840 · CRITICAL
Cleartext Transmission of Sensitive Information (CWE-319)
Published 2026-03-20 · source: icscert
CVSS 3.1 (NVD): 9.1

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

CVE Published: Mar 20, 2026 - 23:19 (nvd)
EUVD ID Assigned: Mar 20, 2026 - 23:46 (euvd), EUVD-2026-13840
Analysis Generated: Mar 20, 2026 - 23:46 (vuln.today)

Description (CVE.org)

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.

Analysis (AI)

This vulnerability affects Automated Logic's WebCTRL Premium Server, which exchanges BACnet protocol data with its field controllers in cleartext, with neither encryption nor integrity protection. An attacker able to observe that traffic (a tap, a mirror port, or a compromised host on the same segment) can capture service information including the File Start Position and File Data of file-transfer operations, as well as the proprietary PLC update format, using tools such as Wireshark's BACnet dissector. Because nothing authenticates the packets, intercepted traffic can also be modified in transit, which is why the vector scores integrity impact High alongside confidentiality. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Position a network sniffer on the BACnet traffic path
Delivery: Capture unencrypted service packets with Wireshark
Exploit: Extract the sensitive File Start Position and File Data fields
Execution: Modify captured packets and retransmit them to the target
Persist: Intercept the proprietary WebCTRL PLC update protocol
Impact: Reverse engineer the proprietary update format; the CVE record establishes that this traffic can be sniffed and modified, not code execution, so treat anything beyond tampering as unconfirmed

Vulnerability Assessment (AI)

Exploitation: No authentication or user interaction is required, and default BACnet/IP installations are affected, but the attacker must be able to observe, or sit in the path of, the BACnet traffic between the WebCTRL server and its controllers (a tap, a mirror port, or a compromised host on the same segment); that network position is the one real condition behind the otherwise unqualified AV:N/AC:L/PR:N rating. …
Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates a network-exploitable vulnerability with low attack complexity, no privileges required, and high impact to confidentiality and integrity; no availability impact is scored (A:N). …
Exploit Scenario: An attacker who gains access to the building management network (through physical access to network infrastructure, compromised credentials on an adjacent system, or lateral movement from another network segment) positions a packet capture tool on a network tap or compromised switch port. Using Wireshark with BACnet dissector filters, the attacker passively captures file transfer operations between WebCTRL Premium Server and connected PLCs, extracting configuration data, operational parameters, and the proprietary update format. …
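The passive capture that the Description, the Attack Chain and the Exploit Scenario above describe, as an added example that is not code from vuln.today, CISA or Automated Logic: a small decoder for the BACnet/IP frames that carry AtomicReadFile and AtomicWriteFile, the services whose File Start Position and File Data fields the CVE record names. Fed the UDP payloads of port 47808 from a capture, it emits one alert line per cleartext file-transfer PDU, which is also the detection rule to run on a building-automation segment. The frames below are constructed by hand from the ASHRAE 135 tag-encoding rules (not from a real WebCTRL capture); the file object instance, start position and file contents are invented; only unsegmented, stream-access PDUs are decoded. The corresponding Wireshark display filter, using the BACapp dissector's field name, is `bacapp.confirmed_service == 6 || bacapp.confirmed_service == 7`.

```python
"""Decode and flag cleartext BACnet/IP file transfers (AtomicReadFile / AtomicWriteFile).
Added example, not vuln.today or Automated Logic code; the frames below are hand-built
from the ASHRAE 135 tag-encoding rules, not captured from a real WebCTRL system."""
PDU_CONFIRMED_REQUEST, PDU_COMPLEX_ACK = 0, 3     # APDU types (high nibble of the first APDU byte)
ATOMIC_READ_FILE, ATOMIC_WRITE_FILE = 6, 7        # confirmed service choices

def _read_tag(buf, i):
    """Parse one tag header at buf[i] -> (number, is_context, kind, length, next_i)."""
    t = buf[i]; i += 1                            # tag numbers > 14 (0xF escape) do not occur in these PDUs
    number, is_context, lvt = t >> 4, bool(t & 0x08), t & 0x07
    if is_context and lvt in (6, 7):              # opening / closing tag of a constructed value
        return number, True, "open" if lvt == 6 else "close", 0, i
    length = lvt
    if lvt == 5:                                  # extended length byte; 254 = two more bytes follow
        length = buf[i]; i += 1                   # (255 = four bytes, which no single APDU can hold)
        if length == 254:
            length = int.from_bytes(buf[i:i + 2], "big"); i += 2
    return number, is_context, "data", length, i

def _read_app_value(buf, i):
    """Decode one application-tagged primitive -> (tag_number, value, next_i)."""
    number, is_context, kind, length, i = _read_tag(buf, i)
    if is_context or kind != "data":
        raise ValueError("expected an application-tagged value")
    if number == 1:                               # BOOLEAN: the value is carried in the tag's L/V/T bits
        return number, bool(length), i
    raw, i = buf[i:i + length], i + length
    if number == 2:                               # Unsigned
        return number, int.from_bytes(raw, "big"), i
    if number == 3:                               # INTEGER (signed two's complement)
        return number, int.from_bytes(raw, "big", signed=True), i
    if number == 12:                              # BACnetObjectIdentifier: 10-bit type, 22-bit instance
        v = int.from_bytes(raw, "big")
        return number, (v >> 22, v & 0x3FFFFF), i
    return number, bytes(raw), i                  # OCTET STRING and anything else: raw bytes

def _skip_npdu(buf, i):
    """Step over the NPDU header, including optional DNET/SNET routing fields."""
    if buf[i] != 0x01:
        raise ValueError("unsupported NPDU version")
    control = buf[i + 1]; i += 2
    if control & 0x80:
        raise ValueError("network-layer message, carries no APDU")
    if control & 0x20:                            # DNET(2) DLEN(1) DADR(DLEN)
        i += 3 + buf[i + 2]
    if control & 0x08:                            # SNET(2) SLEN(1) SADR(SLEN)
        i += 3 + buf[i + 2]
    return i + 1 if control & 0x20 else i         # hop count follows when DNET is present

def decode_file_transfer(payload):
    """Return the file-transfer fields of one BACnet/IP datagram, or None for other services."""
    if len(payload) < 4 or payload[0] != 0x81 or int.from_bytes(payload[2:4], "big") != len(payload):
        raise ValueError("not a well-formed BACnet/IP (BVLC) datagram")
    i = _skip_npdu(payload, 4)
    pdu_type = payload[i] >> 4
    if payload[i] & 0x08:
        raise ValueError("segmented APDU: reassemble before decoding")
    if pdu_type == PDU_CONFIRMED_REQUEST:         # type/flags, max-APDU, invoke ID, service choice
        invoke_id, service, i = payload[i + 2], payload[i + 3], i + 4
    elif pdu_type == PDU_COMPLEX_ACK:             # type/flags, invoke ID, service choice
        invoke_id, service, i = payload[i + 1], payload[i + 2], i + 3
    else:
        return None
    if service not in (ATOMIC_READ_FILE, ATOMIC_WRITE_FILE):
        return None
    out = {"service": "AtomicReadFile" if service == ATOMIC_READ_FILE else "AtomicWriteFile",
           "direction": "request" if pdu_type == PDU_CONFIRMED_REQUEST else "ack", "invoke_id": invoke_id}
    if pdu_type == PDU_COMPLEX_ACK and service == ATOMIC_WRITE_FILE:
        _, _, _, length, i = _read_tag(payload, i)           # [0] fileStartPosition, context-tagged
        out["file_start_position"] = int.from_bytes(payload[i:i + length], "big", signed=True)
        return out
    if pdu_type == PDU_CONFIRMED_REQUEST:
        _, out["file"], i = _read_app_value(payload, i)      # fileIdentifier: (type 10 = File, instance)
    else:
        _, out["end_of_file"], i = _read_app_value(payload, i)
    number, is_ctx, kind, _, i = _read_tag(payload, i)
    if not (is_ctx and kind == "open" and number == 0):
        raise ValueError("expected streamAccess [0] opening tag (record access not decoded here)")
    _, out["file_start_position"], i = _read_app_value(payload, i)
    _, second, i = _read_app_value(payload, i)
    if isinstance(second, bytes):
        out["file_data"] = second                 # read-ACK or write-request: file contents, in the clear
    else:
        out["requested_octet_count"] = second     # read-request
    return out

def alerts(datagrams):
    """Detection view: one line per cleartext file-transfer PDU seen on the wire."""
    found = [r for r in map(decode_file_transfer, datagrams) if r]
    return ["%s %s invoke=%d start=%d%s" % (r["service"], r["direction"], r["invoke_id"],
            r["file_start_position"], " data=%r" % r["file_data"] if "file_data" in r else "")
            for r in found]

# Constructed frames: BVLC Original-Unicast-NPDU, NPDU, APDU; file object instance 1, invented contents.
READ_REQUEST = bytes.fromhex("810a0017 0104 00050106 c402800001 0e 320400 2205c4 0f")
READ_ACK = bytes.fromhex("810a001f 0100 300106 11 0e 320400 650e") + b"SECRET=hunter2" + b"\x0f"
WRITE_REQUEST = bytes.fromhex("810a0027 0124ffff00ff 00050207 c402800001 0e 3100 650e") + b"setpoint=72.0F" + b"\x0f"

if __name__ == "__main__":
    print("\n".join(alerts([READ_REQUEST, READ_ACK, WRITE_REQUEST])))
```

The decoder performs no integrity check because there is none to perform: BVLC, NPDU and APDU carry no authentication, so a write request whose fileData bytes were edited on the wire decodes exactly like the original, which is the integrity half of the CVSS vector. Large file reads arrive as segmented APDUs; those must be reassembled first, and the decoder refuses them rather than misparse.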
Remediation: Organizations should consult the CISA ICS advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 and Automated Logic's security commitment page at https://www.automatedlogic.com/en/company/security-commitment/ for patch availability and upgrade instructions; the advisory, not this summary, is the authority on fixed versions, so until one is applied treat network isolation of BACnet traffic as the interim control. …

Recommended Action (AI)

Within 24 hours: Inventory all WebCTRL Premium Server instances and the controllers they communicate with, document network connectivity, and restrict access to these systems with firewall rules so that BACnet/IP (UDP/47808) and the server's management interfaces are reachable only from trusted administrative networks. BACnet/IP itself provides no confidentiality or integrity protection, so segmentation and traffic monitoring are the primary compensating controls until vendor guidance is applied. …

CVE-2026-24060 vulnerability details – vuln.today